State Street SPDR S&P Kensho Future Security ETF (FITE)
FITE is a thematic fund built around a single conviction: cybersecurity and digital defense will remain a permanent, mission-critical expense for every business and government on Earth. Rather than sector-based (like technology funds) or region-based, FITE identifies companies whose core business is preventing, detecting, or responding to digital attacks—from software vendors that patch vulnerabilities to hardware makers that build secure chips. The underlying index tracks about 40 companies, picked for their involvement in areas like threat detection, identity management, encryption, and incident response. It is a bet on the permanent arms race between attackers and defenders.
The business case underlying the fund
The logic behind FITE is straightforward and defensible. Organizations do not invest in cybersecurity because they want to; they invest because the cost of not doing so—ransomware, data breaches, operational downtime, regulatory fines—is catastrophic. That makes cybersecurity spending something of an obligation rather than a discretionary budget item. A small company needs email security and access controls; a hospital needs to prevent attackers from shutting down life-support systems; a financial institution needs to protect customer funds. Even recessions do not usually crush cybersecurity spending the way they crush, say, cloud-infrastructure spending, because the risk does not go away when growth slows.
This structural tailwind is what theoretically separates a cybersecurity fund from a conventional technology fund. Tech spending is cyclical and tied to economic growth. Security spending is defensive and somewhat recession-resistant. That difference is meaningful but not absolute: a severe recession will dampen security budgets even if it does not eliminate them, and a stock market crash drags all equity prices down regardless of the industry. FITE’s edge rests on the argument that over a full cycle, mandatory spending categories outperform discretionary ones—and security, for most large institutions, is now mandatory.
What FITE includes
The fund tracks companies across the information-security supply chain. That includes large, established vendors—software companies making threat-detection tools, intrusion-prevention systems, and security-orchestration platforms. It includes hardware makers specializing in secure chips or security appliances. It includes managed-service providers that handle security operations for clients that lack the scale to run their own. It includes smaller, more specialized builders of single-point tools for specific threats like API security or cloud-workload protection.
The index methodology screens for companies that derive a material portion of revenue from security products and services—typically 20 percent or more of total revenue from explicit security offerings. This prevents the fund from including, for example, a technology conglomerate that does some security work but derives most of its income from something else. It is a deliberate narrowing, which makes FITE more exposed to true security specialists than a broader tech fund would be, but also more concentrated in a narrower segment of the market.
The concentrated nature of cybersecurity and the risk it creates
Cybersecurity as an industry is dominated by a handful of large vendors—names known in IT departments everywhere—alongside a long tail of specialized boutiques. That concentration is both a strength and a risk for FITE. The strength is that funding flows into proven, enterprise-trusted names, which tend to win market share and grow steadily. The risk is that the fund’s returns are heavily influenced by a small number of large holdings, and if those holdings stumble, FITE stumbles with them. This is concentration risk, and it is more acute in FITE than in a broad technology fund.
A second risk is substitution: many security functions are increasingly being bundled into cloud-infrastructure platforms or operating systems rather than sold separately. Microsoft, Amazon, and Google all expanded their security offerings substantially in recent years, allowing customers to buy identity management or threat detection without going to a specialized vendor. This pushes some security work “inside” the largest technology platforms, where it earns lower profit margins and where FITE has limited exposure. Over time, this bundling could reduce the addressable market for pure-play security companies.
A third risk is that the government or private sector will decide that critical infrastructure—financial systems, hospitals, utilities, defense—needs security so robust that only purpose-built, heavily regulated, non-commercial solutions will suffice. Such a shift would shrink the commercial security market and shift spending toward government-run or non-profit entities outside the purview of a stock fund.
FITE as a thematic bet
FITE is a thematic fund, which means it is built on a narrative about the future—in this case, “the digitization of everything means security is an endless, growing expense.” That narrative is plausible, but it is not certain. Investors should hold two thoughts at once: first, that security is likely to remain important and funded; second, that a thematic fund built around “importance” can still perform badly if the companies chosen do not execute, or if valuations get ahead of the underlying growth, or if the theme becomes crowded and performance-sensitive to sentiment shifts.
Thematic funds often command premium valuations because they attract concentrated, conviction-driven capital. That premium can compress if the theme falls out of favor—a risk any thematic investor should be aware of.
How to research FITE
Start with the fund’s prospectus and the index methodology from State Street, which spell out the exact criteria for inclusion. Look at the top 10 holdings to understand which vendors carry the most weight. Compare the fund’s expense ratio to a broader technology ETF—if FITE costs significantly more, think carefully about whether the cybersecurity concentration adds value to you personally.
Check the fund’s historical performance relative to the broader technology sector, especially over periods when technology as a whole has been in or out of favor. A thematic fund will often lag a broad sector during rallies and outperform during downturns if the theme is truly defensive, but that pattern is not guaranteed. Finally, think about your own view of the future: do you expect cybersecurity as a commercial sector to grow faster than technology broadly, or grow at a steady but unspectacular pace? Your answer to that question should drive whether owning FITE makes sense in your portfolio.