Most agencies fail to align with government’s cyber recommendations

A significant proportion of recruitment firms do not align with the government’s minimum level of cyber security standards.

This is the finding from a new study by recruitment-specialist IT services company Atlas Cloud.

Teaming up again with the Association of Professional Staffing Companies (APSCo), Atlas Cloud cross-referenced the industry body’s member portfolio with cyber security standard IASME’s official website of published Cyber Essentials certifications. Of the 584 recruitment agencies, just 15% had been certified within the last 12 months. 

Cyber Essentials is a self-assessment accreditation process that the government introduced in 2014. It’s designed to help UK organisations confirm they have a minimum level of cyber security protection in place, with the accompanying certification helping businesses demonstrate externally that they take data protection seriously. 

The UK government recommends Cyber Essentials certification for public sector contracts, meaning 85% of agencies are making themselves unfavourable for public sector roles. 

Moreover, the study raises questions about the seriousness of the industry’s desire to protect the personally identifiable information of its candidates. 

“Agencies pride themselves on their ability to harness this valuable data – often including IDs and payroll data when providing temp services – yet seem unwilling to demonstrate their due diligence externally through what is widely considered to be the most basic and lowest-cost accreditation,” Atlas Cloud said in its statement.

It is not clear from this study if agencies are choosing to manage cyber defences in ways other than aligning with the Cyber Essentials standard. Separate research from Atlas Cloud earlier this year did, however, uncover widespread security loopholes across the industry – including finding evidence of one or more breached employee passwords at over three-quarters of agencies.

Breaches in the recruitment and staffing sector are particularly harmful due to the importance of data in the industry. Atlas Cloud’s case study from last year details the knock-on effect this has on an agency’s reputation. 

Pete Watson, CEO of Atlas Cloud, offers some advice to recruitment bosses: “If you’ve already sorted the basics, Cyber Essentials is an easy accreditation to achieve – unlocking your agency to more public sector roles and arming consultants with another reason to choose them. If you’ve not [sorted the basics], you’re carrying a level of risk that I don’t believe any individual would be comfortable with if well-informed on the subject.”

• Comment below on this story. Or let us know what you think by emailing us at [email protected] or tweet us to tell us your thoughts or share this story with a friend.

REC AGM: New government set to create industrial strategy council

A new industrial strategy council that will set targets and monitor progress across government is likely to be created under the new Labour government.

New to Market 12 July 2024

QX Global Group receives £100m growth investment from Long Ridge

QX Global Group, a provider of business process management (BPM) and offshore recruitment services, has received a £100m investment from US-headquartered Long Ridge Equity Partners.

Contracts 11 July 2024

Home Secretary Cooper seeks to recruit border security commander

Recruitment begins today [8 July 2024] for a border security commander reporting directly to the UK home secretary as a new UK Border Security Command is established.

People 8 July 2024


This week’s new launches include: Alliance (CS), Crerar Hotel Group, Gaia

New to Market 8 July 2024