Tech stocks, like the rest of the broader market, have seen their fair share of ups and downs since Russia’s invasion of Ukraine at the end of February. But for one part of the technology sector — cybersecurity -— it’s been a roaring bull market for the past few weeks.
The ETFMG Prime Cyber Security (HACK) and First Trust NASDAQ Cybersecurity (CIBR) exchange-traded funds, which both own shares of top cybersecurity companies such as Zscaler (ZS), CrowdStrike (CRWD), Cloudflare (NET), Fortinet (FTNT) and Splunk (SPLK), have each surged about 10% since Russia attacked Ukraine.
“The evolution of cyberthreat activity could shape the very nature of conflict in the future,” said S&P Global Market Intelligence in a recent report. “Russian cyberattacks could strike US infrastructure in the wake of the Ukraine conflict, according to national security experts.”
But have the stocks run up too far too fast? Both cyber ETFs are still down more than 7% this year, despite their recent surges. Some of the individual stocks in the funds have suffered even bigger drops. Fortinet and CrowdStrike have both fallen more than 15% this year, for example.
Many investors remain nervous that the broader slowdown in the tech sector could be a sign of weaker demand for cybersecurity services, despite the growing risk of data breaches.
There are also some questions about whether smaller cybersecurity firms will be able to compete with tech juggernauts like Microsoft (MSFT) and Cisco (CSCO), both of which have invested lots of money to bolster their own tech security businesses.
Still, the presence of larger tech companies in cybersecurity might also be a blessing for the smaller players.
“We are absolutely seeing more interest in cybersecurity,” said Sam Masucci, founder and CEO of ETFMG about its ETF and the companies in the fund, which trades under the ticker symbol HACK. “The fund is positioned well for any mergers and acquisitions.”
Shares of Splunk, for example, briefly surged earlier this year on reports that Cisco might want to buy it. And Mandiant, the company formerly known as FireEye, was the subject of a rumor that Microsoft was looking to acquire it.
“Cybersecurity will continue to be a key driver of mergers and acquisitions in 2022,” said Sapana Maheria, practice head of thematic research at GlobalData, in a report last month following the chatter about Cisco and Spunk. She added that the security software market is “ripe for deals.”
That may be true. However, publicly traded cybersecurity companies might now be too rich for some buyers’ blood.
“Valuations are high. There is a lot of cash chasing too few deals and a scarcity of assets. It’s still frothy,” said Steve Vintz, chief financial officer of Tenable (TENB), a cyber risk management company with a history of buying smaller, privately held companies. “You have to be selective with mergers.”