Best Recruitment Insurance

Small recruitment agencies are unprepared to recover from an ‘inevitable’ cyber-attack

1 in 3 SMEs believe a cyber-attack on their business is a matter of ‘when’ not ‘if’

While the threat of cybercrime is at the forefront of SME owners’ minds, ‘cyber recovery’ is not, according to a new study, The Business of Cyber Recovery, by PolicyBee. Five hundred UK SMEs were asked about their preparedness for cybercrime and its aftermath: one in three believe that a cyber-attack on their business is a matter of ‘when’ not ‘if’, and quarter believe an attack is ‘likely’.

Small recruitment agencies are especially vulnerable

PolicyBee believes that smaller recruitment agencies are particularly vulnerable to being hacked or targeted for a cyber attack as not only do they have their own data to protect, they are also custodians of a wealth of clients’ personal data too – a potential goldmine for cyber criminals.


  • 74% have not put any budget aside to deal with the aftermath of a cyber attack.
  • 43% will react if and when a cyber-attack happens and have absolutely no plans in place.
  • Just 14% have a detailed plan which covers all bases and crucially have tested that plan.

Sarah Adams, cyber insurance expert, who commissioned the study for PolicyBee, said:

“Digital is king in the recruitment market which makes recruitment consultants without email, website or internet access, pretty impotent. 

“As we’ve seen recently, even the largest of companies is not immune to being affected by cybercrime but most will have a ‘what if’ plan in place that has been stress tested via a crisis simulation or role play exercise.

“They will know exactly what to do in the event of a cyber-attack. However, small recruitment agencies seem to be chancing their luck and despite expecting to be hacked, aren’t preparing to be prepared.”

Businesses in denial

Younger respondents seem more aware of potential cyber risks – as business owners get older they think a cyber-attack is less likely: 22% of 18-34 year olds think a cyber-attack is unlikely; whereas 41% of 35-54 year olds and 56% of 55+ think an attack is unlikely.

Business in the South West and East of England are most in denial of a cyber-attack – those in London and the NE are the most switched on. According to PolicyBee, who provides cyber insurance and other business insurance to freelancers and small businesses, the study highlights the fact that SMEs are simply too busy running their day-to-day operations.

Adams continued:Anyone who’s ever worked in recruitment will know the days are long and incredibly busy, and so it’s of no great surprise that companies in this sector are prioritising securing new clients and placing candidates over getting real cyber protection in place.

“In the event of becoming a victim of cybercrime, most recruitment agencies seem to believe that a quick call to their IT support will get things fixed but the reality is somewhat different.

“They may need PR or social media support to limit the damage done to their reputation, as well as legal support to deal with claims from clients for compromised data, fines from the Information Commissioner’s Office [ICO], and specialist forensic IT to deal with compromised security and possible ransom demands.

“We’re all familiar with the terms cybercrime; cyber-attack; and hackers; but we need to make ‘cyber recovery’ part of the general discussion now too.”

Other resources:

PolicyBee’s tool for SMEs concerned about cyber recovery:
PolicyBee’s series of cyber recovery blog posts:

Recruiters love this COMPLETE set of Accredited Recruitment & HR Training – View Training Brochure

Comment on this story

Your email address will not be published. Required fields are marked *


Join the BIoR to be part of creating excellence in recruiting standards & service

Send this to a friend