Information Security Breaches Survey

[StevensOnln1]

Just received the following e-mail, does anyone know anything about this?

Department for Business, Innovation and Skills

2014 Information Security Breaches Survey


As a member of the PAYE scheme, your organisation is requested to take part in the
<link removed>
2014 Information Security Breaches Survey , conducted by PwC on behalf of the Department for Business, Innovation and Skills. The survey should take 20 minutes to complete and by submitting your results you will be entered into a prize draw with the opportunity to win an iPad Air. You will also be provided with a copy of the final report upon its release on the 29th April 2014.

The survey, conducted by PwC for over a decade, is fundamental in understanding the nature and impact of information security breaches in the UK and the trends that develop year on year. This year, it's more important than ever that we increase the number and breadth of responses in order to better understand the nature of today's information security threats and the organisational responses to them. Your organisations contribution is important.

The survey needs to be conducted by someone within the organisation with knowledge of Information Security or Risk Management and the breaches that your organisation may or may not experience. In order to make the survey more manageable we have split the survey in to two separate polls. The link below will lead to part 1 and provide the option to conduct part 2. If you decide to defer part 2, we will contact you again in early 2014.

Please note that your responses will be completely anonymous and under no circumstances will your organisation be identified in the report.

Start survey 1 - Recent breaches and security management:
<links removed>

Thank you in advance for your participation and we look forward to receiving your responses.

PwC 2014 Information Security Breaches Survey Team

This survey is being conducted in accordance with the Market Research Society Code of Conduct, which guarantees confidentiality and anonymity. Under no circumstances will your organisation be identified in the survey report.

Links are going to a subdomain of pwc.com but the message was received to a company e-mail address which has never been given to HMRC or any other government department.

 

[PwC-CyberSecurityResearch]

StevensOnln1, thanks for your post. I will PM you.

This email is promoting the 2014 Information Security breaches Survey run by PwC on behalf of the Department of Business, Innovation and Skills (BIS).

This year BIS has asked us to reach out directly to UK businesses in order to gain a fuller appreciation of the challenges faced by UK plc. If your organisation has received the same email please take the time to complete the survey. (links to the survey are also available on the PwC website) Please note you will not be required to provide any personal or company identifiable information.

The results of the 2013 Information Security Breaches Survey can also be found on the PwC website or feel free to google it.

 

[WFChris]

I cannot vouch for the email itself but can confirm that the survey is very real. I have read and used the information it contains for several years now.

I see you have a response from PwC so this should clear up all of your queries.

 

[StevensOnln1]

The main thing I was wondering was how that particular e-mail address ever came to be on their list. It's an address given out for incoming sales enquiries, which goes through to an online helpdesk system and has never been given to HMRC, so I would quite like to know how BIS have gathered the list of e-mail addresses they've given to PWC for this survey.

 

[David Griffiths]

I'd have treated it with great suspicion. The expression "as a member of the PAYE scheme" on its own would probably cause me to put it in the dustbin. That simply doesn't sound like an expression that anybody connected with HMRC or the accountancy profession would use.

Odds on that the email doesn't mention you or your firm by name, and doesn't carry any PAYE or other reference.

It seems odd that the 2014 survey is being completed in 2013.

If it's not a phishing scam, it deserves top marks for looking like one. Perhaps it's a test to see who would fall for an email that resembles a scam!

 

[14Steve14]

If I received an email like that it would also go straight in the bin and be reported as junk mail. Because it looks like a scan, I bet the feedback given is very low.