85% of recruitment agencies fail to align with Government recommendation

Posted: 20th Nov 2023
We checked 584 recruitment agencies to see how many were aligned with the UK Government’s minimum level of cyber security standards.
This is an extended version of an article published by Recruiter magazine.

New Research: Monday 20th November 2023

The majority of recruitment firms do not align with the Government’s minimum level of cyber security standards, a new study by recruitment-specialist IT services company Atlas Cloud has found.

Teaming up with APSCo, Atlas Cloud cross-referenced the leading industry body’s member portfolio with IASME’s official website of published Cyber Essentials certifications. Of the 584 recruitment agencies, just 15% had been certified within the last 12 months.

Cyber Essentials is a simple self-assessment accreditation process that the Government introduced in 2014. It’s designed to help UK organisations confirm they have a minimum level of cyber security protection in place, with the accompanying certification helping businesses demonstrate externally that they take data protection seriously.

The UK Government recommends (and in some cases mandates) Cyber Essentials certification for public sector contracts, meaning 85% of agencies are making themselves unfavourable for public sector work.

Moreover, the study raises questions about the seriousness of the industry’s desire to protect the personally identifiable information of its candidates. Agencies pride themselves on their ability to harness this valuable data – often including IDs and payroll data when providing temp services – yet seem unwilling to demonstrate their due diligence externally through what is widely considered to be the most basic and lowest-cost accreditation.

It is not clear from this study if agencies are choosing to manage cyber defences in ways other than aligning with the Cyber Essentials standard. Separate research from Atlas Cloud earlier this year did, however, uncover widespread security loopholes across the industry – including finding evidence of one or more breached employee passwords at over three-quarters of agencies. 

Breaches in the recruitment and staffing sector are particularly harmful due to the importance of data in the industry. Atlas Cloud’s case study from last year details the knock-on effect a breach has on an agency’s reputation.

Pete Watson, CEO of Atlas Cloud, offers some advice to recruitment bosses:

“If you’ve already sorted the basics, Cyber Essentials is an easy accreditation to achieve – unlocking your agency to more public sector roles and arming consultants with another reason to choose them.

“If you’ve not [sorted the basics], you’re carrying a level of risk that I don’t believe any individual would be comfortable with if well-informed on the subject.”

Pete Watson – CEO, Atlas Cloud

Atlas Cloud is currently offering £100 off Cyber Essentials certifications until the end of the year. An APSCo Trusted Partner and REC Business Partner, Atlas Cloud is a recruitment-specialist managed IT and cyber security services provider – helping agencies large and small scale faster with fewer risks.

Learn more about the Cyber Essentials process by scheduling a 15min education-based call with our CEO, Pete Watson. Initial discussions are no-obligation and fact-based to give business leaders information to make an informed decision – but we only have limited slots available during the offer period.


To celebrate our latest research, we’re offering recruitment agencies £100 off Cyber Essentials certifications until the end of the year.

About The Author

Ben is passionate about technology that enables people to work more productively and collaboratively from anywhere in the world. He’s a karaoke king and an avid explorer, despite the fact that every holiday he takes seems to end in disaster.

New Research

Our recent, nationwide research shows what can be learnt from working during lockdown. Download the report today.

Sign up to newsletter?*
Privacy Notice: We won’t sign you up to any marketing mailing lists (unless you ask us to*) but we may email you to make sure you have been able to access the content successfully. View our privacy policy.