How you can profit from cybercrime - legally

Here's how you can profit from hacking
Here's how you can profit from hacking

There's a good chance that at least one company or government agency you do business with has been hacked in the past two years.

Major retailers, banks, healthcare companies, media firms and governments have all been hit.

And cybercrime is not going away anytime soon. Just ask people at Target (TGT), Home Depot (HD) or JPMorgan Chase (JPM) -- or more recently, the IRS.

That's the main reason why a relatively new exchange-traded fund (ETF) that focuses on the cybersecurity industry has been a huge hit on Wall Street.

Related: IRS says 2.7 million taxpayers had identity stolen

The PureFunds ISE Cyber Security ETF (HACK), which has the appropriate ticker symbol of HACK, is up nearly 30% since it started trading last November.

The ETF owns companies that help businesses protect themselves from data breaches. They may not be able to stop them entirely. But they often minimize the damage.

Some focus more on firewalls -- like Palo Alto Networks (PANW) and Infoblox (BLOX).

CyberArk (CYBR) has software that helps keep "privileged accounts" -- stuff like log-in info for a big company's IT managers and high-level executives as well as passwords to social media accounts -- safe.

And FireEye (FEYE) owns Mandiant -- a consulting firm that was hired by both Sony and health insurer Anthem after their high profile hacks.

Related: What the future of crime looks like

Demand should continue to increase for FireEye and many of its rivals.

"Cyberwar and cybercrime are two of the defining geopolitical and business challenges of our time," wrote analysts at Goldman Sachs in a report last week on the cybersecurity sector.

The Goldman Sachs analysts added that nearly 60% of chief information security officers they surveyed in May planned to boost security spending by at least 5%.

Tech research firm Gartner estimates that about $77 billion will be spent on cybersecurity this year.

President Obama has asked for $14 billion devoted to cybersecurity in the fiscal 2016 U.S. budget.

Related: Congressmen say FBI wants to make smartphones less safe

And defense contractors have taken notice. Missile maker Raytheon acquired cybersecurity firm Websense earlier this year for nearly $2 billion.

Businesses and bureaucrats know they must do a better job of protecting credit card information, Social Security numbers, passwords and other important data about customers, employees and taxpayers.

But investors should be a little careful. Many of the stocks in the ETF are trading at extremely high valuations. And it's fair to wonder if this ETF is a a little too gimmicky for its own good.

There have been several other tech ETFs that have debuted in the past few years that also screamed niche -- and have lagged the broader market.

Related: Irony alert! Password-storing firm just got hacked

The First Trust NASDAQ CEA Smartphone ETF (FONE) is only up 40% since it started trading in February 2011 -- much lower than the Nasdaq and Apple (AAPL).

Then there's the Global X Social Media Index ETF (SOCL) -- which launched in late 2011 just a few months before Facebook (FB) went public. This ETF has also underperformed the Nasdaq as well as Facebook.

The good news about investing in an ETF is that you get diversification. But the bad news is that when you buy an ETF that has such a narrow focus, you are probably going to wind up owning some of the winners and losers.

Look at the smartphone ETF. Apple has been an iMazing stock the past few years. But other big holdings in the ETF, such as Samsung (SSNLF), Kyocera (KYO) and BlackBerry (BBRY)? Not so much.

Related: How safe are you? Read CNNMoney's cybersecurity Flipboard

Ditto for the social media ETF. Facebook is the top holding. And the stock has been on fire ever since its early growing pains as a public company.

However, the ETF also owns some big losers, including Twitter (TWTR), Groupon (GRPN) and Zynga (ZNGA).

For now, nearly all the cybersecurity companies are doing well. And they should continue to do so as long as there are more high profile hacks. But it may not stay that way forever.

So investors that want to bet on the business may also want to look at larger blue chips in tech that are also increasing their presence in cybersecurity -- companies like Cisco (CSCO), EMC (EMC) and IBM (IBM).

Sure, none of them will grow as rapidly as any of the smaller pure play firms. But they'll get a piece of the growing cybersecurity pie too -- and give your portfolio a little more security as well.

Mortgage & Savings


Newsletter

CNNMoney Sponsors