At first glance, a CV is just a snapshot of someone’s career – a list of roles, qualifications, and contact details shared in the hope of landing the next opportunity. But in the wrong hands, that same document becomes something far more valuable.
Stolen CV databases are now just one part of the picture, alongside AI-generated applications, fabricated employment histories and deepfake video interviews.
That creates growing risk on both sides of the hiring process: recruiters face data breaches, impersonation and compliance failures, while candidates are increasingly exposed to scams, financial loss and misuse of their identity.
For businesses handling large volumes of recruitment data, the message is clear: this is no longer a theoretical threat, but an evolving one.
The numbers tell the story
The scale of cybercrime targeting businesses – particularly SMEs – has surged in recent years, with data breaches becoming both more frequent and more sophisticated. Unfortunately, the numbers say it all:
- 66% of job seekers are cautious about illegitimate roles
- 86% of recruiters caught or suspected candidate fraud in the past 12 months
- 60% of hiring professionals reported concerns relating to deepfake risks
- 4,876 job frauds reported to Action Fraud (now Report Fraud) in 2024 – up 132% from 2022
Employment fraud is escalating for recruiters
Employment fraud isn’t necessarily a new risk. First Advantage’s 2026 Global Workforce Trends Report shares how 76% of hiring managers experienced falsified employment details, and 45% have encountered candidate identity misrepresentation.
Artificial intelligence is rapidly transforming the scale and believability of recruitment fraud. Tools that can generate realistic CVs, fabricate employment histories, and even mimic communication styles are now widely accessible. More concerning still is the rise of deepfake technology. Recruiters could have a whole 30-minute video interview with a candidate and not realise the face they’re seeing isn’t real.
According to GetReal Security’s Deepfake Readiness Report, 41% of enterprises have already on-boarded a fake job candidate or imposter!
It’s easy to think “we’re too small to be targeted” or “our systems are secure enough”. But the truth is, recruiters sit on a lot of personal data and if your business is small with little IT security in place, criminals could see an opportunity to gain a lot of data for little effort.
A warning for candidates
Job application data almost perfectly bundles up all the information a hacker needs.
Unlike other datasets, CVs are actively maintained by candidates. They’re accurate, detailed and willingly handed out – a cyber criminal’s goldmine. So, while your recruitment business’ risks will be a priority for you, your candidates face risks of their own:
Too many candidates falling victim
The sad reality is, too many job seekers are vulnerable to recruitment scams. According to the Global Anti-Scam Alliance’s (GASA) State of Scams Report, 39% of respondents experienced employment scams, nearly 20% of which have experienced it more than once.
Younger applicants at biggest risk
Even more worrying is how younger applicants are left stuck between a rock and a hard place. LinkedIn’s own Job Search Safety Pulse found over 30% of Gen-Z admitted to ignoring red flags because the employment marketing is so competitive. For them, it’s either a risk worth taking or a risk they’re none the wiser about.
Instant messaging a gateway to theft
While technological advancements have been the shining star of past decades, there’s a darker side to it that’s opened the door to increased risks for candidates – they’ve made it easier to get into your inbox. Scammers are using quick methods like text or WhatsApp to lure victims into disclosing their card details, sometimes using simulated phone-call interviews for extra believability.
According to the BBC’s 2025 article, the average amount per case reported to Action Fraud (now Report Fraud) in 2024 was £4,707!
Safety net of cyber liability insurance
While prevention is essential, no system is completely immune. That’s why the focus also needs to be if and how you can respond.
A compromised database doesn’t just mean lost data – it can mean candidate identities being exploited, fraudulent applications entering your pipeline, or even attackers impersonating candidates or clients using AI-generated profiles or manipulated video interviews. In these scenarios, the damage extends beyond systems into trust, compliance, and reputation.
This is where cyber liability insurance becomes critical – not simply as financial protection, but as a structured response to increasingly complex risks.
Getting support with insurance
With the right insurance support in place, recruitment businesses can contain the damage, protect stakeholders, and maintain trust – even in the face of evolving risks like CV theft and AI-powered deception.
Kingsbridge Recruitment works with recruitment businesses to provide insurance that reflects how the industry actually operates, backed by specialist advice, clear guidance, and ongoing support.
From basic cyber insurance to a more comprehensive offering, speak to the Kingsbridge team about how we can help and what we can cover. Don’t let a cyber attack cripple your business.
