Key Takeaways: Global cybersecurity spending has surpassed $300 billion for the first time, with AI agents now outnumbering human enterprise identities 109 to 1 and ransomware attacks surging 389% year-over-year.
Key Takeaways: Global cybersecurity spending has surpassed $300 billion for the first time, with AI agents now outnumbering human enterprise identities 109 to 1 and ransomware attacks surging 389% year-over-year.

Global cybersecurity spending has surpassed $300 billion for the first time, with AI agents now outnumbering human enterprise identities 109 to 1 and ransomware attacks surging 389% year-over-year.
Global cybersecurity spending has crossed $300 billion in 2026, as AI-powered threats — from prompt-injection attacks to deepfake voice clones — force enterprises to expand their defense budgets at an unprecedented pace.
"AI agents now outnumber human identities within enterprises by roughly 109 to 1," according to Fortinet's threat report, which logged a 389% year-over-year jump in ransomware victims. Check Point measured a 51-point gap between corporate AI adoption and security readiness, the firm said in its latest security survey.
Three exchange-traded funds offer distinct approaches to capturing the spending wave. The First Trust NASDAQ Cybersecurity ETF (CIBR) holds $13.01 billion in assets across 46 holdings, blending specialized vendors with networking giants such as Cisco and Broadcom. The Amplify Cybersecurity ETF (HACK) uses a modified equal-weight method across 23 names, tilting toward smaller pure-play firms including Rubrik and SentinelOne. The Global X Cybersecurity ETF (BUG) applies the strictest filter, requiring companies to derive at least 50% of revenue from cybersecurity — a rule that excludes Cisco, Broadcom, Accenture and IBM, which together account for roughly a fifth of CIBR's portfolio.
The divergence in strategy produces different return profiles. CIBR has gained nearly 24% year-to-date, while HACK leads the group with a 28% return and BUG trails at 22%. Over a one-year horizon, the gap widens: CIBR returned 15%, while BUG posted a negative 4% return, reflecting the volatility of a purer software-vendor mix. BUG's momentum has shifted recently, returning 8% over the past month as the AI-threat narrative reasserted itself following the brief Anthropic Claude Mythos panic in early June.
The Platform vs. Pure-Play Tradeoff
CIBR's largest holdings — Palo Alto Networks at 9%, CrowdStrike at 8%, Fortinet at 7%, and Cisco and Broadcom at 8% each — reflect a platform consolidation thesis. Palo Alto formed a NATO partnership and launched its Idira identity layer for AI agents, while Fortinet's first-quarter 2026 billings grew 31%, driven by demand for AI and operational technology. Cisco and Broadcom give CIBR exposure to the networking layer where AI traffic moves, a segment pure software funds miss entirely.
HACK's equal-weight structure amplifies exposure to smaller names. The fund's 0.86 beta understates its sector-specific volatility because the 23-name portfolio means a single weak quarter from a top holding hits harder than it would in CIBR's more diversified structure. Its dividend yield of 0.06% means the return engine is entirely capital appreciation tied to enterprise software multiples.
BUG's 50% revenue screen creates the cleanest expression of the cybersecurity thesis. With 35 holdings and no diversification into adjacent IT services, every dollar is tied to dedicated security revenue. The tradeoff: when spending broadens into hybrid networking and services budgets, the same screen leaves money on the table. BUG's expense ratio of 0.50% makes it the cheapest of the three.
Investment Implications
The three funds map to different convictions about the same trend. CIBR suits investors who want cybersecurity exposure without taking a view on whether platform vendors or pure-plays capture spending — its networking and services holdings act as ballast when software sentiment sours. HACK fits those who crave higher volatility from smaller firms, though the 23-name portfolio introduces more concentration risk. BUG serves investors who demand every dollar be tied to dedicated cybersecurity revenue.
Top holdings overlap heavily across all three: Palo Alto, CrowdStrike, Fortinet and Zscaler appear in every portfolio. The weighting and the tail are where the funds diverge, and that divergence allows a three-way blend to behave as a diversified position rather than a triple-counted single bet.
This article is for informational purposes only and does not constitute investment advice.