HACK ETF: Military-Grade Cybersecurity Has Become Crucial

The Amplify Cybersecurity ETF (NYSEARCA:HACK) allows investors to obtain broad exposure to stocks specializing in protecting the data assets of corporations, individuals, and the military against cyber criminals and raising the alert in case of a security breach.

Trading at around $64.7 per share at the time of writing, it is still below its all-time high of $67.15 reached in November 2021 and the objective of this thesis is to show that it could benefit from further upside.

Data by YCharts

To support my position, I will identify how it differentiates itself from other ETFs and stands to benefit from the threat level escalating from episodic attacks by ransom-seeking criminals to more permanent cyber warfare involving nation-state actors. This suggests the need for military-grade cybersecurity, as illustrated by the problems facing tech giant Microsoft (MSFT).

The Microsoft Hack Shows The Need For Military-Grade Defenses

The software giant was a victim of a recent cybersecurity attack as per the announcement below dated January 19, and disclosed a nation-state namely Russia was behind all this with the bad actor known as Midnight Blizzard. Noteworthy, the attack had already started in November last year when the email accounts of some of its senior leadership team had been hacked.

Microsoft

Now, this is a very serious issue given that Microsoft has a Security Response Center including detection and vulnerability protection to prevent such mishaps. However, the fact that the attackers were able to penetrate the company's cyber defenses despite its products not presenting any vulnerabilities (as per Microsoft) shows the ability of hostile nation-state-backed hackers to dedicate vast resources to attain their objectives.

As for the motive, while the U.S. is not directly at war with Russia, there are some places where they fight proxy wars, including Ukraine. Now, Microsoft is a big U.S. government contractor for cloud services, which possibly explains the tenacity of the hackers as more than seven weeks later, the company's security team was still unable to force the attacker out of their systems as per the extract below dated March 8.

Microsoft

Exploring further, the reason for the cybercriminals having succeeded seems to be the advancement and persistence of the Midnight Blizzard, implying a highly concerted attack involving advanced planning and execution just like for a military operation.

Thinking aloud, bad actors are also embracing AI to grow in sophistication, signifying that they can potentially automate the hacking process to such an extent that it does not cost them much in terms of man-hours to also target other companies. This can result in widespread hacks and outages. Consequently, the balance between business operations and the need for security has to be shifted more towards security as the traditional calculus consisting of patching up systems with the latest updates and protecting devices (laptops or servers) with endpoint systems to render them invulnerable may be insufficient.

HACK's Holdings And Military-Embedded Cybersecurity

Therefore, in this new threat landscape, commercial cybersecurity which is customized to the needs of the customer after purchase has to give way to custom-made systems just like for the military. This in turn implies spending may shift from consumer cybersecurity to becoming military-grade solutions, like those provided by the IT unit of General Dynamics (GD), or GDIT.

For this purpose, GDIT provides its clients, which includes the U.S. government, with a portfolio of services including cybersecurity, software development, high-performance computing (including AI), and cloud services. Furthermore, it differentiates itself from commercial IT integrators as it builds security right into individual modules instead of adding security features to the whole system.

Looking further, there is also Northrop Grumman's (NOC) Cyber Survivability portfolio providing solutions that can mitigate high-tier threats for weapons systems focusing on unique data types and threat vectors. Here, the need for cybersecurity is created due to discrete systems being interconnected in the war theatre, and, therefore, more likely to be compromised.

Pursuing further, according to Seeking Alpha News, the next fiscal year's proposed defense budget also seems more favorable to technology suppliers instead of the traditional aerospace and defense companies themselves. Two of these are IT services plays Booz Allen Hamilton Holding (BAH), and Leidos (LDOS), both forming part of HACK's holdings as shown below. According to analysts at Wells Fargo (WFC), these two could profit from operations and maintenance funding, which could be increased by 2%.

Now, General Dynamics, Northrop Grumman, Leidos, and Booz Allen together make up only 18% of its portfolio, which leaves 82% to more commercial cybersecurity plays. Even these are evolving as I had covered in a recent article on SentinelOne (S) which has partnered with Mandiant, which has been acquired by Alphabet (GOOG) and whose CEO, Kevin Mandia is an ex-military officer whose strategy also included gathering intelligence on hacker groups.

HACK's Holdings (Amplify ETFs)

Therefore, with its basket of stocks, some of which are specialists that embed cybersecurity right into the control functions of weapon systems while it also includes others that are more consumer-oriented, HACK provides broader exposure and deserves to be valued accordingly.

Valuing HACK

For this purpose, I consider that according to analysts at Canalys, IT spending should accelerate by 6% this year, driven partly by the need to get protection against cyberattacks due to conflicts and intensification of geopolitical tensions.

Now, as per a peer comparison below, HACK's price-to-earnings multiple of 28.29x trades below the average (29.42x) of the four other ETFs by 3.8% which means it deserves better. To value the ETF, the cybersecurity market is expected to expand by 13.1% CAGR from 2024 to 2033. Hence, applying a 13.1% multiplier on HACK's share price of $64.9, I have a target of $73.1.

This bullish position is also supported by the momentum factor.

Thus, after having underperformed the First Trust NASDAQ Cybersecurity (CIBR) by more than 22% during the past three years, HACK has delivered a slightly better year-to-date performance of 7.43%. Furthermore, it has outperformed both the Global X Cybersecurity ETF (BUG) and the iShares Cybersecurity and Tech ETF (IHAK) since the beginning of this year, indicating a possible trend reversal.

Table built using data from Morningstar and Seeking Alpha

On the other hand, given its top ten assets together constitute more than 58% of its weight, it bears higher concentration risks.

In this respect, as I explained in my last two theses on BUG and Fortinet (FTNT), the cybersecurity industry is no longer the same as two years ago, when the top-most priority was to get protection, and costs incurred were rather secondary. This often meant companies sourcing end-point protection from one provider, networking firewall from another, and security operations (or 24/7 monitoring) from a third one.

The Risks Due To Changing Spending Patterns

Now, as a result of tighter budgets caused by higher interest rates, the corporate aim is more to source the most products from one supplier. In addition to reducing costs as purchasing more from the same supplier entitles the buyer to bulk discounts, a single-vendor approach also increases the chances of benefiting from a common data set to derive actionable insights using AI instead of having to integrate data from different sources.

Another factor to consider is large providers like Palo Alto (PANW) now providing free trials in a bid to lure customers to its platforms. This is similar to a freemium strategy, whereby a company offers a product free of charge to obtain client adoption before eventually charging for the product. Depending on how others in the industry react, this can in turn lead to a price war.

As a result of the above, the industry is likely to change, with end-to-end product portfolio suppliers likely to emerge stronger than others in their ability to generate more sales. Along the same lines, the industry can consolidate further, as seen with Cisco's (CSCO) deal to acquire Splunk (SPLK).

At the same time, with a 5.5% exposure to the Aerospace and Defense thematic theme as pictured below, HACK remains vulnerable to a reduction in military spending. Thus, according to Seeking Alpha News, General Dynamics should gain from next fiscal year's proposed defense budget, namely for the U.S. Navy's Arleigh Burke-class destroyer and Columbia-class nuclear-powered ballistic missile submarine. On the other hand, things look uncertain for Northrop Grumman concerning the Sentinel ballistic missile system and B-21 Raider stealth bomber.

Amplify ETFs

Now, when there are such changes, some stocks are going to gain, while others are likely to be volatile.

A Buy While Not Forgetting Rates-Related Risks

Then, unless one researches individual stocks to identify potential beneficiaries, choosing the ETF option makes sense from a diversification perspective. Furthermore, HACK's advantage is it provides exposure to holdings specializing in embedded military systems and IT companies that already work with the U.S. armed forces. As such, in addition to developing hardware that remains functional in rugged conditions and can withstand shocks, their software remains vulnerability-free and cannot be cracked by a hacker. This increases the possibility of obtaining contracts in the commercial space.

To be realistic, they may not necessarily meet the same time-to-market or cost requirements that consumer cybersecurity plays can provide, but, in light of the Microsoft hack, things are likely to change in what has become a permanent cyber warfare war-like theatre, where, the balance between business operations and security will increasingly shift towards the latter. Moreover, as seen with SentinelOne, commercial cybersecurity plays are inking partnerships with those from a military background.

In conclusion, HACK looks poised to deliver further upside. However, beware of volatility risks induced by the general market sentiment in case the Federal Reserve does not cut interest rates as expected later this year. To this end, tech stocks enjoyed an upside with HACK delivering a 0.85% upside on March 12, which was coincidentally the day when inflation figures came out as slightly hotter than expected, which is something abnormal as it increases the probability of rates staying higher for longer.