This is the finding from a new study by recruitment-specialist IT services company Atlas Cloud.

Teaming up again with the Association of Professional Staffing Companies (APSCo), Atlas Cloud cross-referenced the industry body’s member portfolio with cyber security standard IASME’s official website of published Cyber Essentials certifications. Of the 584 recruitment agencies, just 15% had been certified within the last 12 months. 

Cyber Essentials is a self-assessment accreditation process that the government introduced in 2014. It’s designed to help UK organisations confirm they have a minimum level of cyber security protection in place, with the accompanying certification helping businesses demonstrate externally that they take data protection seriously. 

The UK government recommends Cyber Essentials certification for public sector contracts, meaning 85% of agencies are making themselves unfavourable for public sector roles. 

Moreover, the study raises questions about the seriousness of the industry’s desire to protect the personally identifiable information of its candidates. 

“Agencies pride themselves on their ability to harness this valuable data – often including IDs and payroll data when providing temp services – yet seem unwilling to demonstrate their due diligence externally through what is widely considered to be the most basic and lowest-cost accreditation,” Atlas Cloud said in its statement.

It is not clear from this study if agencies are choosing to manage cyber defences in ways other than aligning with the Cyber Essentials standard. Separate research from Atlas Cloud earlier this year did, however, uncover widespread security loopholes across the industry – including finding evidence of one or more breached employee passwords at over three-quarters of agencies.

Breaches in the recruitment and staffing sector are particularly harmful due to the importance of data in the industry. Atlas Cloud’s case study from last year details the knock-on effect this has on an agency’s reputation. 

Pete Watson, CEO of Atlas Cloud, offers some advice to recruitment bosses: “If you’ve already sorted the basics, Cyber Essentials is an easy accreditation to achieve – unlocking your agency to more public sector roles and arming consultants with another reason to choose them. If you’ve not [sorted the basics], you’re carrying a level of risk that I don’t believe any individual would be comfortable with if well-informed on the subject.”

• Comment below on this story. Or let us know what you think by emailing us at [email protected] or tweet us to tell us your thoughts or share this story with a friend.