Most agencies fail to align with government’s cyber recommendations

A significant proportion of recruitment firms do not align with the government’s minimum level of cyber security standards.

This is the finding from a new study by recruitment-specialist IT services company Atlas Cloud.

Teaming up again with the Association of Professional Staffing Companies (APSCo), Atlas Cloud cross-referenced the industry body’s member portfolio with cyber security standard IASME’s official website of published Cyber Essentials certifications. Of the 584 recruitment agencies, just 15% had been certified within the last 12 months. 

Cyber Essentials is a self-assessment accreditation process that the government introduced in 2014. It’s designed to help UK organisations confirm they have a minimum level of cyber security protection in place, with the accompanying certification helping businesses demonstrate externally that they take data protection seriously. 

The UK government recommends Cyber Essentials certification for public sector contracts, meaning 85% of agencies are making themselves unfavourable for public sector roles. 

Moreover, the study raises questions about the seriousness of the industry’s desire to protect the personally identifiable information of its candidates. 

“Agencies pride themselves on their ability to harness this valuable data – often including IDs and payroll data when providing temp services – yet seem unwilling to demonstrate their due diligence externally through what is widely considered to be the most basic and lowest-cost accreditation,” Atlas Cloud said in its statement.

It is not clear from this study if agencies are choosing to manage cyber defences in ways other than aligning with the Cyber Essentials standard. Separate research from Atlas Cloud earlier this year did, however, uncover widespread security loopholes across the industry – including finding evidence of one or more breached employee passwords at over three-quarters of agencies.

Breaches in the recruitment and staffing sector are particularly harmful due to the importance of data in the industry. Atlas Cloud’s case study from last year details the knock-on effect this has on an agency’s reputation. 

Pete Watson, CEO of Atlas Cloud, offers some advice to recruitment bosses: “If you’ve already sorted the basics, Cyber Essentials is an easy accreditation to achieve – unlocking your agency to more public sector roles and arming consultants with another reason to choose them. If you’ve not [sorted the basics], you’re carrying a level of risk that I don’t believe any individual would be comfortable with if well-informed on the subject.”

• Comment below on this story. Or let us know what you think by emailing us at [email protected] or tweet us to tell us your thoughts or share this story with a friend.


This week’s appointments include: Baltimore Consulting, Ford and Stanley, Heidrick & Struggles, Know Someone, NRL, Sellick Partnership, The Access Group

People 12 February 2024

Dept for Education campaign to encourage staff to teach in Further Education

The Department for Education’s Teach in Further Education campaign is calling on those with industry experience to teach in FE.

New to Market 18 January 2024


This week’s appointments include: Acorn by Synergie, Ciphr, Innovate Talent, Nash Squared, Realm Recruit, TaskMaster Public Sector, VIQU

People 15 January 2024

Resource Finder’s radiologist recruitment in India gives better outcome for NHS trust

UK agency Resource Finder says its in-person recruiting trips abroad to bring on board medical staff for NHS trusts is resulting in “a better outcome for all parties”.

30 November 2023