not the right recommendation
"with four in five not requiring the use of a capital letter and a number/symbol."
The thing that is important is entropy. Requiring particular characters does not help with this much it is a stupid hang over from the days when only the first handful of chars in a unix password were significant so using the full character set was a good idea.
If you enforce special chars all you get is "password!" instead of "password" same with all the other hard to obey password rules everyone uses one of a small number of common fixes to bypass the rule.
Probably the most important rule to enforce is the minimum legal length of a password.