Information Security Management at Marks and Spencer (M&S) in the UK

Added on  2023/01/19

AI Summary
This report presents a comprehensive analysis of information security management strategies within the context of the UK retail sector, using Marks and Spencer (M&S) as a case study. The study investigates the implementation of information security measures to mitigate the risks of data breaches and cyber-attacks, aiming to enhance customer confidence. The research encompasses a literature review to establish a theoretical framework, followed by a qualitative methodology employing both primary and secondary data sources, including surveys. The report examines the challenges faced by M&S regarding cybersecurity, particularly in light of the Epsilon data breach, and proposes recommendations and an action plan to improve cyber resilience and protect sensitive customer information. The findings and discussion sections present the analysis of the collected data, leading to conclusions and recommendations for future research. The report also includes an evaluation of the methodologies used and addresses limitations, providing insights into the effectiveness of information security management strategies in a dynamic business environment.
Corporate Strategy and
governance research
(“Implementing information security management strategy to
reduce the threats of data breaches and cyber-attacks to
improve customer confidence in the UK retail sector- A case
study of Marks and Spencer”)
Executive Summary
The present study aims to analyse the effectiveness of implementing an information
security management strategy to reduce the threats of information breaches and cyber-attacks and so
improve customer confidence in the UK retail sector. An information security management strategy
is defined as the controls which a business needs to put in place to ensure that it is sensibly
protecting the confidentiality, availability and integrity of its assets from threats and
vulnerabilities. In today's business environment it is therefore important for businesses to
implement an appropriate information security management strategy in order to reduce the
chances of information breaches and cyber-attacks. Marks and Spencer is the chosen organisation
for this study, as it is the largest British multinational fashion retail company and is facing the
issue of the Epsilon data breach, in which customers' emails were stolen. Suitable aims and
objectives are set out to support the work and guide the collection of appropriate information.
A literature review is carried out to develop an understanding of the chosen subject area. The
overall study is based on the qualitative method, as it supports detailed analysis with actual
facts and figures. Both primary and secondary tools are used to draw valid and reliable results.
The primary investigation is carried out through a survey, for which a questionnaire covering the
aim and objectives of the research is developed. At the end of the investigation, conclusions and
recommendations are developed from the outcome of the research.
Table of Contents
Executive Summary
Chapter 1: Introduction
Chapter 2: Literature Review
Chapter 3: Research Methodology
Ethical Consideration
Chapter 4: Data Analysis and Interpretation
Chapter 5: Findings and Discussion
Chapter 6: Recommendations and Action Plan
Chapter 7: Evaluation and limitations in the methods and approaches used for the study
Chapter 8: Conclusion and areas for Future Research
References
Chapter 1: Introduction
Overview of the Research
Cybersecurity is defined as the practice of reducing cyber risk by protecting the whole
information technology infrastructure, including systems, applications, hardware, software and
information. In the modern business environment, the key focus of a business is to attain
higher growth and success in the marketplace, and for this businesses are concerned with making
transactions with other businesses or countries (Abawajy, 2014). This increase in international
operations has created problems for the security of confidential information. Businesses are
therefore concerned with implementing different information security strategies to reduce the
threat of data breaches and cyber-attacks, which reduce confidence in the UK retail sector. In
today's digital world, the retail sector is growing very fast through the implementation of
digital technologies. As a result, organisations also face theft of information and breaches of
confidential data. It is therefore important for businesses to implement an information security
management strategy to reduce threats to information and improve customer confidence in the UK
retail sector. Businesses in the retail sector are focusing on improving cyber resilience to
enhance customer confidence. Cyber resilience is the ability to prepare for, respond to and
recover from cyber-attacks; it helps an organisation to protect itself against cyber risk, defend
against and limit the severity of attacks, and ensure its continued survival despite an attack.
In the present investigation, Marks and Spencer is the chosen organisation. It is a large British
multinational retailer with global business operations, and because of those global operations it
faces cybersecurity issues. This report studies the different strategies of information security
management used to reduce the threat of data breaches and cyber-attacks. Aims and objectives are
set out to support the work. The literature review develops an in-depth theoretical framework,
which builds an appropriate understanding of the subject area. In addition, a suitable selection
of methodologies helps in carrying out the work in the right manner. Furthermore, data analysis
is supported by a survey, for which a questionnaire is developed to gather primary information
(Ahmad, Maynard and Park, 2014). At the
end of the research, conclusions and recommendations are made on the basis of the findings.
Along with this, a reflection is developed to discuss the personal experience of the researcher.
Background of the Research
In the competitive business scenario, organisations are concerned with expanding their
businesses at the global level. Greater business opportunities increase the interaction of a
business with organisations in other countries, and to communicate well businesses use advanced
and modern technologies. These are significant for developing organisational performance, but
they also have negative influences when an individual uses them in the wrong manner. In the
modern business era, cyber resilience is rapidly gaining recognition, as businesses are very much
concerned with implementing appropriate strategies to protect their operations from cyber-attacks,
breaches of information etc. in order to develop the trust of customers. Marks and Spencer is the
chosen organisation for this project, as it helps in developing a better understanding of this
area of study. The company was founded in 1884 by Michael Marks and Thomas Spencer. Marks and
Spencer is the fastest-growing British retail business, with operations all over the world
(Aleem, Wakefield and Button, 2013). The headquarters of the firm is in Westminster, London,
United Kingdom. The company mainly sells high-quality clothing, home products and food products.
It is a public limited company operating in around 1463 locations, with around 80,787 employees
who work to enhance the potential of the business in the marketplace. The company has global
business operations and because of this faces cybersecurity issues, so it is fundamental for the
business to implement information security management strategies that are effective in reducing
the threat of data breaches and cyber-attacks. The retail industry in the UK is recognised as the
largest private-sector employer, with almost three million workers. The retail industry plays a
vital role in the growth of the UK economy; in 2018 retail sales came to around £381 billion,
which represents the growth of the retail sector. However, the retail sector of the UK has risen
by 10 percent to 440.5 billion euros. The overall market value of this sector is expected to
increase to 453 billion in 2020. Marks and Spencer is the biggest fashion retailer and plays a
vital role in the growth and development of the UK economy. Marks & Spencer is a large fashion
retail business which operates through online as well as offline stores.
A few decades ago the company faced a data breach, when the firm was affected by the attack
involving the email marketing firm Epsilon (Epsilon data breach: Marks & Spencer customers'
emails stolen). Marks & Spencer deals with a large number of people, whose emails were stolen in
a huge US internet security breach. With stolen emails, people can see others' private
information, such as credit card and debit card details. This affects the overall functions of
M&S. This issue was probably resolved by the investigation from the UK Information Commissioner's
Office. Because the US does not follow the same data protection laws on privacy and security as
the UK and Europe, businesses that pass UK citizens' private data to US-based businesses need to
ensure that the destination has proper Safe Harbour management to safeguard the information to
European standards.
The rationale of the Research
The research is based on implementing an information security management strategy to
reduce the threats of data breaches and cyber-attacks to improve customer confidence in the UK
retail sector. This is a wide area of academic research, which helps to explore the ideas and
knowledge base of the researcher in the specified area of work. The study also helps to enhance
the personal and professional skills and abilities of the individual, learner and researcher
(Bendovschi, 2015). The major purpose behind conducting the research is the personal interest of
the researcher, as the investigator wishes to gain knowledge of cyber resilience for enhancing
customers' confidence in a business by decreasing the risk of threats, breaches of information
and cyber-attacks. This investigation is taken up mainly because it is a recent issue in today's
business environment. An understanding of this area is therefore useful for businesses or for
individuals who have career goals in a similar area. The study is also useful from a future
perspective, as it assists the individual in attempting future projects more effectively. This
study explores the issue faced by Marks and Spencer due to the breach of data in the attack
involving the email marketing firm Epsilon (Marks & Spencer data compromise not a hack). The
company has millions of customers who make purchases through online and offline stores; computer
hackers stole customers' emails and the personal information of customers, such as their personal
data and credit and debit card information. This has a huge influence on the brand image of the
firm.
Research Aim
This refers to the key area of an investigation. It is defined as a predetermined
statement which sets out the purpose and intention of the investigation in an appropriate
manner. This part of the investigation guides the overall work in the right manner (Carcary,
2013). The key aim of this particular investigation is "To examine how M&S can improve the cyber
resilience to enhance customer confidence in the company to decrease the risk of threat of breach
of data and cyber-attacks. A case study on Marks and Spencer."
Research Objectives
The objectives of this investigation are as follows:
To understand the concept of information security management, cyber-attacks and data breaches.
To discuss the challenges which the company faces in managing information security.
To recommend some ways to overcome the challenges and to identify future research areas.
Research questions
The major research questions that guide the overall work are as follows:
What is the concept of cyber resilience for improving customer confidence?
How can a company improve cyber resilience to improve customer confidence?
What are the different challenges which the company faces in managing the information
security?
Chapter 2: Literature Review
This is the most imperative part of an investigation. It carries out a detailed
evaluation of the chosen subject area and helps the work reach its potential outcome. This part
of the research creates a detailed theoretical framework, which develops the understanding of
the individual or learner in regard to the chosen subject area (Chen, Desmet and Huygens, 2014).
The study is based on analysing the different types of strategies used to implement information
security management in the company to decrease the risk of data breaches and cyber-attacks. In
this part of the investigation, information collection relies mainly on secondary sources of
data, i.e. books, journals, published research articles, newspapers, magazines etc. This section
gathers information from past investigations in similar areas, which help to guide the overall
work in the right manner.
The concept of cyber resilience for improving customer confidence.
As per the views expressed by Juliana De Groot, 2019, cyber resilience is defined as the
ability of a computing system to recover quickly, and it is mainly applied in adverse
conditions. In addition, cyber resilience is the notion that a business needs to be flexible and
responsive to cyber-attacks. Cyber resilience is recognised as the ability to prepare for,
respond to and recover from a cyber-attack. In the context of the retail industry, cyber
resilience develops customers' confidence by reducing the issues that arise from cyber-attacks
and breaches of information. Businesses implement cyber resilience mainly to protect against
cyber risk, defend against and limit the severity of attacks, and ensure continued survival
despite an attack. Cyber resilience is a fairly new area within information technology and has
lately gained considerable momentum. It is also the ability of a business to withstand
cybercrime, prepare for possible threats and create an effective action plan to recover from
issues which affect business performance. It is a comprehensive framework which aims at
protecting the entire organisation, including its people, processes and information, from a
cyber crisis. In a world full of advances in technologies and processes, businesses are concerned
with adopting high-tech tools and technologies to maximise their profitability by developing
productivity and operations. As a result, organisations also face issues related to data
breaches, cyber-attacks
and theft of their confidential information. Businesses like Marks and Spencer operate at
the global level and work with high-tech computer systems, so the threat of information leaks
and cyber-attacks is high. The primary motive of the business is therefore to implement an
information security management system effectively to reduce cyber-attacks, security issues and
information breaches. Due to high competition in the market, individuals seek to hack information
about the firm or its strategic steps, which affects the overall functioning of the business
adversely. The information security management system, cyber-attacks and breaches of information
are different aspects on which appropriate knowledge is required for better implementation of
organisational operations and functions.
The ways the company can improve cyber resilience to improve customer confidence.
As per the views expressed by Ryan LaSalle, 2018, in the modern business environment
investment in cyber resilience has led to improved performance, as security teams successfully
defend against a growing number of cyber-attacks, which has doubled in the past few years.
Organisations nowadays are increasing their dependence on advanced tools and technologies, but
this has also spawned well-resourced cybercrime. Cyber resilience is therefore integrated within
businesses so that management plans can be carried out effectively. Cyber resilience does not
consist of technology alone; it must also cover an organisation's processes and people. It is
mainly defined as the ability to protect an individual's IT system and recover from any breach.
According to the opinion of Madeline Howe and Anne Grahn, 2018, in today's business era the life
of individuals is very much based on digital tools and technologies, as people normally use
digital platforms to fulfil their desires, so it is important for businesses to improve their
cyber resilience in order to enhance customers' confidence in the marketplace. An appropriate
security strategy is comprehensive and dynamic, with the elasticity to respond to any sort of
security threat. Developing a security strategy is an elaborate procedure which includes initial
assessment, planning, implementation and constant monitoring (Fielder et al., 2014). It may also
involve a set of activities which cover conceivable threats and vulnerabilities: policies and
procedures, access management measures, communications systems, technologies and systems
integration practices. For instance, Marks and Spencer operates at the global level, deals in
high-quality clothing, home products and food items, and is concerned with
implementing different strategies for managing information security against cyber-attacks,
theft of private information, data breaches etc.
Cyber resilience and competitive advantage
In the opinion of Terena Bell, 2018, cyber resilience is defined as the measure of how
effectively a business can carry out its operations during an information breach or
cyber-attack. Cyber resilience is also defined as the ability of a business to recover quickly
from deliberate attacks or incidents relating to the use of information and communication
technologies. Cyber resilience is therefore an effective procedure for the business and is
widely implemented by businesses because of the increase in cyber-attacks; it protects business
information and helps the business attain greater competitive advantage. Cyber resilience
complements and builds on present security approaches and needs to be incorporated within
existing information security management systems and risk management structures. It is therefore
significant for businesses in attaining greater competitive advantage by reducing information
breaches and cyber-attacks.
Scale of cybercrime and information breaches in the UK retail sector
As per the views stated by Don-Alvin Adegeest, 2016, cybercrime is recognised as the
most serious threat to retail business in the UK. As acknowledged by the UK's National Crime
Agency, the scale and cost of cybercrime is unclear at present. However, the Office for National
Statistics reports that there were around 5.1 million instances of fraud and 2.5 million of
cybercrime in the last few decades. It is a major issue in the UK retail sector, as it has a wide
influence on the operations and progress of the retail industry.
Cyber/data breaches and consumer confidence
According to the opinion stated by Alexis Petru, 2014, data breaches are a very common
occurrence and affect the overall brand image and consumer trust. Data breaches and
cyber-attacks mainly happen to companies that operate online: computer hackers obtain email
addresses and other personal information, which may affect the trust of customers. It is
therefore important for businesses to take effective cybersecurity measures to give greater
security assurance to their customers. Frequent cyber-attacks and information breaches may affect
the trust and loyalty of customers, who may refuse to buy the products of the firm, and this may
decrease its performance in the marketplace.
The different challenges which the company faces in managing the information security
As per the opinion stated by Stefan Fenz, Johannes Heurix, Thomas Neubauer and Fabian
Pechstein, 2014, information security is recognised as a key consideration for businesses of
every size; it is essential for carrying out business operations effectively. Organisations
nowadays benefit from the use of cyber technologies, which help to expand the operations of the
firm, but on the other hand businesses also face issues related to cybersecurity, hackers and
cybercriminals. Marks and Spencer is a large retail firm with wide business operations, and the
growth and development of the business relies on technology; the company uses computer systems
and many other technologies to maintain information about the operations of the firm, and it
also keeps customers' information. However, the company faces challenges in managing information
security; some are as follows:
Resistance to change: This is the key challenge faced by businesses in managing the information
security system (Hiller and Russell, 2013). Lack of proper management of the information system
restricts the firm from implementing change, which affects the functioning of the firm
adversely. Due to non-authentic security aspects, Marks and Spencer has had difficulty carrying
out appropriate change in its processes and operations.
Weak Links in Supply Chain: This is recognised as a key challenge faced by Marks and Spencer in
managing information security. For a retail organisation, maintaining the supply chain is the
primary consideration of the business, as it serves to satisfy the requirements of customers at
a larger scale. Information security errors or breaches of data affect the overall supply chain
of Marks and Spencer, which has a direct impact on the profitability and growth of the business.
Potential Insider Threats: There are two sorts of internal information risk plaguing businesses.
The first arises from malicious intent; the other is purely unintentional and has the human
error aspect connected to it. These two threats affect the overall functioning of the business.
Chapter 3: Research Methodology
The research methodology is defined as the specific process or techniques applied to analyse,
select, process and evaluate data related to a specified area of study. This part of the
investigation guides the overall work towards its potential outcome. It is based on different
applications that support the work in reaching probable results. The selected methodologies are
described below:
Type of Investigation: This is the most imperative part of an investigation; in carrying out an
investigation the key obligation of the investigator is to select the most suitable type of
investigation. Research is mainly of two types, i.e. qualitative and quantitative. In the
present investigation, qualitative research is the most suitable type for examining the
different types of strategies used to implement information security management in the company
to decrease the risk of data breaches and cyber-attacks (Kozik and Choraś, 2013). Qualitative
research is applied by the researcher because it provides suitable analysis by developing
appropriate concepts and theories. Qualitative research also supports detailed analysis, which
is beneficial in developing an in-depth base in the selected area of study.
Research Approach: A suitable selection of research approach is important in guiding the overall
work; the approach relies mainly on the type of research. Research approaches are mainly of two
types, i.e. deductive and inductive. In the existing research work, the inductive approach is
the most suitable; it is effective for qualitative research and appropriate for providing
detailed information with the support of theories and hypotheses.
Research Philosophy: This is also a key aspect of research methodology, as it is important for
the investigator to conduct the investigation in a viable manner through the selection of a
suitable philosophy. This aspect mainly covers the interpretivism and positivism research
philosophies (Kulikova et al., 2012). In the present investigation, interpretivism is the most
suitable philosophy; it provides factual information in the area of examining the different
types of strategies used to implement information
security management in the company to decrease the risk of data breaches and cyber-attacks.
Here, information gathering is based on a theoretical perspective, through analysis of the
opinions and thoughts of authors and writers.
Data Collection Tools: Information collection is defined as the procedure of accumulating and
analysing information on selected variables in an established system. Data collection is based
mainly on primary and secondary sources; these two are effective in guiding the work to its
potential outcome. The primary source gathers information that is based on actual facts and
figures; it yields new information which has never been published before (Lanz, 2014). Here,
information gathering is based on interviews, questionnaires, surveys, focus groups etc. On the
other hand, secondary investigation is recognised as an important area in which discussion is
supported by past investigations. Here, information gathering is based on published articles,
journals, newspapers, books etc. In the present investigation, both primary and secondary tools
are applied by the researcher. Primary research is conducted through a survey, for which a
questionnaire is prepared by the researcher to gather information from the participants. The
questionnaire is the most suitable approach for conducting the survey, as its questions cover
the aim and objectives of the research. The secondary investigation, on the other hand, is used
to develop the literature review, in which a theoretical framework is built for the selected
area of work.
Data Sampling: This part of the investigation relies mainly on probabilistic and
non-probabilistic data sampling. A sample is drawn from the original population (Mahmood and
Afzal, 2013). In the present investigation, convenience sampling, a non-probabilistic tool, is
selected by the researcher. It is effective in gathering information from the selected group of
people. A sample size of 30 is used by the researcher, as it is an appropriate range for
gathering valuable information. In this investigation the questionnaire is filled in by
employees of Marks & Spencer, as employees are more likely to provide information in regard to
the effectiveness of implementing information security management
strategy to reduce the threats of data breaches and cyber-attacks to improve customer confidence
in the UK retail sector.
Ethical Consideration
In carrying out an investigation, it is important for the researcher to follow research
ethics for the systematic execution of research activities. In the context of the present
research, the investigator needs to assure respondents of the safety and security of their
personal information, as individuals are mainly concerned about misuse of their private data.
Apart from this, the investigator needs to manage time and cost for better execution of the
investigation activities. The researcher also ensures that the feelings and sentiments of
respondents are not hurt by asking for any kind of personal information.
Gantt Chart
The whole project takes around 11 weeks to reach the final stage of final submission of the
project.
Columns: Activity, 1st Week, 2nd Week, 3rd Week, 4th Week, 5th Week, 6th Week, 7th Week,
8th Week, 9th Week, 10th Week, 11th Week
Activities:
Selection of research topic
Forming of aims and objectives
Starting of literature review
Research Methodology
Preparation of Questionnaire
Data collection
Data analysis
Rechecking of the data
Final submission
Chapter 4: Data Analysis and Interpretation
This is the key area of an investigation, in which the investigation issue is analysed
through thematic analysis. It is effective in analysing the information accumulated by the
researcher to carry out the work in the right manner (Mengke et al., 2016). This tool is
effective for both primary and secondary investigations. The themes are built on the questions
of the questionnaire, which cover the aim and objectives of the research.
Frequency Table
Questionnaire
Q1) Do you have an appropriate understanding regarding cyber resilience in the
context of enhancing customer confidence within the retail industry?
Frequency
A very good understanding of risk 28
Need more training/support to understand 2
Q2) Please state the approaches used by the organisation to deal with threats of
data breaches and cyber-attacks to improve customer data?
Frequency
Agree 26
Disagree 4
Q3) How effective do you find those information security management
approaches for maintaining customer data?
Frequency
Extremely effective 20
Effective 7
Neutral 1
Not effective at all 2
Q4) How do you think the increasing cyber-attacks and data breaches in M and S
have affected the organisation?
Frequency
Reduction of cyber-attacks 8
Threats of information Breach 7
Decreasing the risk of confidential information 7
Protecting customers data 8
Q5) What challenges are mainly faced by Marks and Spencer in managing the
information security?
Frequency
Resist the changes 5
Weak Links in Supply Chain 12
Breach of information 8
Potential Insider Threats 5
Q6) What strategies can be implemented by Marks and Spencer to manage
information security?
Frequency
Customizing own security system 10
Increasing employee’s skillset 7
Implementation of cloud to work 8
Apply Safeguards 5
Q7) Which kind of influence does cyber resilience have over managing
information security system within Marks and Spencer?
Frequency
Positive 20
Negative 5
Neutral 5
Q8) What are the major areas that are required to be protected by the businesses
to enhance customers confidence regarding breach of data and cyber-attacks?
Frequency
Secured Documentation 8
Products/Service Information 7
Intellectual Property/Patents 7
Customers Data 8
Q9) According to you, the proper implementation of an Information Security
Management System is effective for Marks and Spencer in increasing the
confidence of customers regarding the security of information?
Frequency
Effective 28
Not Effective 2
Thematic Analysis
Theme 1) Individuals have an appropriate understanding regarding cyber resilience in the
context of enhancing customer confidence within the retail industry.
Q1) Do you have an appropriate understanding regarding cyber resilience in the
context of enhancing customer confidence within the retail industry?
Frequency
A very good understanding of risk 28
Need more training/support to understand 2
Interpretation:
In the present investigation, a survey was conducted among 30 respondents, and from the
in-depth analysis of the above-mentioned graph it has been interpreted that 28 out of 30
respondents have an appropriate understanding regarding cyber resilience in the context of
enhancing customer confidence within the retail industry; thus they are interested in this
area or are willing to know about it. The remaining people are not in favour of the same; as
per their view, they do not have any idea regarding the area of cyber resilience.
Theme 2) Cyber resilience is effective in reducing cyberattacks and information breach within
the retail industry.
Q2) Please State the approaches used by the organisation to deal with threats of
data breaches and cyber-attacks to improve customer data?
Frequency
Agree 26
Disagree 4
Interpretation:
According to the descriptive analysis of the project, it has been evaluated that 26 out of 30
people agree with the statement that cyber resilience is effective in reducing cyberattacks
and information breach within the retail industry. The issue of cyberattacks in the retail
sector is high, as organisations work on open networks to provide easy access for customers,
so it is important for retail businesses to develop effective cyber resilience to reduce the
issue of data breach and information theft. The remaining people are not in favour of the
same; as per their view, cyber resilience is not very effective in reducing cyberattacks and
information breach within the retail industry.
Theme 3) It is important for Marks and Spencer to improve cyber resilience to decrease the risk
of threat of breach of data and cyber-attacks.
Q3) How effective do you find those information security management
approaches for maintaining customer data?
Frequency
Extremely effective 20
Effective 7
Neutral 1
Not effective at all 2
Interpretation:
As per the evaluation of the project, it has been understood that 27 out of 30 people are in
favour of the statement that it is important for Marks and Spencer to improve cyber resilience
to decrease the risk of threat of breach of data and cyber-attacks. Marks and Spencer operates
at a global level and has a major concern with developing cyber resilience in order to protect
its business operations from cyber attacks and theft of private information. The remaining
people are not in favour of the statement; in their view, it is not important for Marks and
Spencer to improve cyber resilience to decrease the risk of threat of breach of data and
cyber-attacks.
Theme 4) There are different purposes for which Marks and Spencer is concerned with
implementing an effective cyber resilience system.
Q4) How do you think the increasing cyber-attacks and data breaches in M and S
have affected the organisation?
Frequency
Reduction of cyber-attacks 8
Threats of information Breach 7
Decreasing the risk of confidential information 7
Protecting customers data 8
Interpretation:
As per the in-depth analysis of the project, it has been determined that there are different
purposes for which Marks and Spencer is concerned with implementing an effective cyber
resilience system. 8 out of 30 people are in favour of reduction of cyber-attacks, seven
individuals are going with threats of an information breach, seven respondents are going with
decreasing the risk of confidential data, and the remaining are in favour of protecting
customer data.
Theme 5) There are different challenges that are mainly faced by Marks and Spencer in
managing information security.
Q5) What challenges are mainly faced by Marks and Spencer in managing the
information security?
Frequency
Resist the changes 5
Weak Links in Supply Chain 12
Breach of information 8
Potential Insider Threats 5
Interpretation:
From the analysis of the above-mentioned chart, it has been interpreted that there are different
challenges that are mainly faced by Marks and Spencer in managing information security. 5 out
of 30 people are in favour of resisting the change, 12 people are going with weak links in the
supply chain, eight people are in favour of breach of information and remaining people are in
favour of potential insider threats.
Theme 6) There are multiple strategies that can be implemented by Marks and Spencer to
manage information security.
Q6) What strategies can be implemented by Marks and Spencer to manage
information security?
Frequency
Customizing own security system 10
Increasing employee’s skillset 7
Implementation of cloud to work 8
Apply Safeguards 5
Interpretation:
According to the detailed evaluation of the graph, it has been determined that there are multiple
strategies that can be implemented by Marks and Spencer to manage information security. 10 out
of 30 people are in favour of Customizing own security system, seven people are in favour of
Increasing employees skill set, eight individuals are going with Implementation of cloud to work,
and remaining are in favour of Apply Safeguards.
Theme 7) Cyber resilience has a positive influence over managing information security system
within Marks and Spencer.
Q7) Which kind of influence does cyber resilience have over managing
information security system within Marks and Spencer?
Frequency
Positive 20
Negative 5
Neutral 5
Interpretation:
In the present investigation, a survey was carried out among 30 respondents, and according to
the opinion of 20 respondents, cyber resilience has a positive influence over managing the
information security system within Marks and Spencer, as the performance of the firm has
increased and the confidence of customers has also developed regarding the safety and security
of their personal information. Five people do not have the same opinion; as per their view,
cyber resilience does not have a positive influence over managing the information security
system within Marks and Spencer. The remaining people did not provide any view on the same.
Theme 8) The major areas that are required to be protected by the businesses to enhance
customers confidence regarding breach of data and cyber-attacks.
Q8) What are the major areas that are required to be protected by the businesses
to enhance customers confidence regarding breach of data and cyber-attacks?
Frequency
Secured Documentation 8
Products/Service Information 7
Intellectual Property/Patents 7
Customers Data 8
Interpretation:
The above-mentioned graph shows that there are different areas of business that are required
to be protected by businesses to enhance customer confidence regarding breach of data and
cyber-attacks. 8 out of 30 people are going with the option of strategic documentation, seven
people are in favour of Products/Service Information, seven respondents are going with
Intellectual Property/Patents and the remaining are in favour of Employee Data; these are the
key aspects which are required to be maintained by the business for attainment of growth and
success.
Theme 9) The proper implementation of an Information Security Management System is
effective for Marks and Spencer in increasing the confidence of customers regarding the security
of information.
Q9) According to you, the proper implementation of an Information Security
Management System is effective for Marks and Spencer in increasing the
confidence of customers regarding the security of information?
Frequency
Effective 28
Not Effective 2
Interpretation:
According to the detailed analysis of the project, it has been interpreted that 28 out of 30
people said that proper implementation of an Information Security Management System is
effective for Marks and Spencer in increasing the confidence of customers regarding security
of information. The remaining people are not in favour of the same; as per their view, proper
implementation of an Information Security Management System is not effective for Marks and
Spencer in increasing the confidence of customers regarding security of information.
Chapter 5: Findings and Discussion
Theme 1: The concept of cyber resilience for improving customer confidence.
According to the detailed analysis of the authors' opinions, it has been discussed that cyber
resilience is recognised as the most applied term in the context of developing customer
confidence; it refers to the ability to prepare for, respond to and recover from a cyber
attack. In the context of business, cyber resilience is a fundamental aspect; it is
significant for a business to protect private organisational information, which involves
information related to operations, strategies, product details etc., from cyber-attacks and
breach of information through unauthorised access. Addressing cyber attacks and data breaches
is also considered a key aspect that is significant for the growth of the business, via
enhancing the confidence of customers regarding the safe execution of organisational
operations.
Theme 2: The ways the company can improve cyber resilience to improve customer
confidence.
As per the analysis of the authors' opinions, it has been evaluated that cyber resilience is
a key aspect for business, as it gives businesses the ability to protect their data and
strategies and so enhances customer confidence by decreasing the risk of threat of breach of
data and cyber-attacks. There are various ways, like increasing employees' skill set,
two-factor authentication, training of employees etc., of developing the practices of cyber
resilience so as to develop the overall operations of the firm in an effective manner.
Theme 3: The challenges which the company faces in managing the information security
From the analysis of the project, it has been discussed that information security and
information breach are the major issues faced by businesses due to rapid advancement in
technology and the threat of cybercrime. In the modern business environment, the key motive of
a firm is to attain higher growth and success in the marketplace. Marks and Spencer is a large
retail firm which is focused on implementing appropriate information security management in
order to protect information in an effective manner. It operates at the global level and faces
various challenges, like Resist the changes, Weak Links in Supply Chain, Breach of
information, Potential Insider Threats etc.; these have a direct influence over the operations
and progression of the business.
Chapter 6: Recommendations and Action Plan
The investigation under consideration is based on implementing information security
management strategy to reduce the threats of data breaches and cyber-attacks to improve
customer confidence in the UK retail sector. This is a wide area of academic research which
has its importance in developing the knowledge and skills of individuals regarding the
strategies that are important in maintaining information security and reducing the threat of
information breach and cyber attacks. From the detailed analysis of the project, it has been
recommended that Marks and Spencer, as a major retail firm, implement appropriate practices
that are effective in protecting the information of the firm from cyber crimes and maintaining
the flow of its operations. To maintain an effective position within the market, the company
should be concerned with enhancing the confidence of customers by decreasing the risk of
threat or breach of data and cyber-attacks. Therefore, the company should improve cyber
resilience to attain significant growth and success via managing information errors. From the
evaluation of the project it has also been recommended to Marks and Spencer that the company
should hire a skilled and experienced workforce for maintaining information security, as this
is effective in conducting business operations in an effective and reliable manner. It has
also been recommended that the company should be concerned with implementing a proper
information management system in order to reduce cyber attacks and breach of information. The
company should also develop its own customised security system, created as per the
requirements of the organisational operations and functions. This will be effectual for the
firm in reducing the chance of external threats that hack the information of the firm and
utilise it. The company should also train its employees in security aspects, mainly in cyber
resilience, and develop awareness regarding the security of information, as this would be
beneficial for the firm in keeping confidential information safe and secure.
Action Plan:
An action plan is recognised as a key area of research, as it is defined as the document that
lists the steps that need to be completed to satisfy the needs of the project. The key
significance of implementing an action plan is to determine the resources that must be
applied to attain the set goals and objectives of the project. It also involves developing a
timeline in which all the actions are assigned as per the need of the research. The action
plan for Marks and Spencer is set out below:
Steps and Description
Step 1: Identify the reason
The fundamental step is to analyse the potential reason for implementing information security
management strategy to reduce the threats of data breaches and cyber-attacks to improve
customer confidence in the UK retail sector. This challenge is mainly identified by Marks and
Spencer through the breaching of information and cyber attacks that affect the operations of
the firm in an adverse manner.
Step 2: Formulate the strategies
After analysing the issues of cyber attacks, breaching of information, lacking confidential
data etc., the requirement of improving cyber resilience arises. Suitable formulation of cyber
resilience is effective for the business in protecting its operations from cyber attacks,
breaches of information and theft of data; it is also effective in addressing the challenges
that are faced by Marks and Spencer due to improper utilisation of cyber resilience. The firm
and its management focus on formulating strategies like Customizing own security system,
Increasing employees' skill set, Implementation of cloud to work, Apply Safeguards etc., as
these are effective in addressing the issues related to information security, cyber attacks
and breach of information.
Step 3: Implementation of Strategy
This is the most effective stage of the action plan, as here the implementation of cyber
resilience is put into actual action to assist organisational operations in an appropriate
manner via enhancing the confidence of customers regarding cyber security. Marks and Spencer
and its management are concerned with analysing the issues that arise through non-authentic
implementation of the information security management system and then implementing cyber
resilience as per the requirement. The business is mainly concerned with implementing cyber
resilience in order to reduce cyber attacks and breach of information.
Step 4: Results of the Idea
This is the final stage of the action plan; it comes after implementation of the strategy,
when the organisation has attained suitable results in protecting personal information and
also maintaining confidentiality about the current market strategy, product description etc.
With the help of suitable implementation of cyber resilience, the organisation has attained
higher growth and success in the marketplace.
Chapter 7: Evaluation and limitations in the methods and approaches used
for the study
The research under consideration is based on examining how M&S can improve cyber resilience
to enhance customer confidence in the company and decrease the risk of threat of breach of
data and cyber-attacks. It is a wide area of investigation in which a suitable selection of
methodologies is required to assist the work in the right manner. In the present exploration
the investigator has applied qualitative research, as it is most suitable for the
investigation and effective in providing detailed information through developing theories,
hypotheses and concepts. The qualitative investigation is limited to gathering information
that is based on qualitative means. In addition to this, the inductive approach is most
suitable for qualitative research and is significantly based on human perception. Along with
this, both primary and secondary sources are applied to gather valid and reliable information.
Primary research is conducted through a survey in which a questionnaire is developed to cover
the aim and objectives of the research. On the other side, secondary sources like books,
journals, formal investigations etc. are significant in developing the literature review.
Chapter 8: Conclusion and areas for Future Research
From the detailed analysis of the project it has been concluded that, in the UK, retail is
the most developing industry, which has a huge contribution to the growth and success of the
UK economy. Businesses in the retail sector are using digital tools and technologies for the
easy execution of organisational operations; advanced technologies are mainly implemented by
retail businesses to keep organisational information safe and to keep details of customers,
organisational sales, purchases, business ideas etc. However, with high-tech technologies, a
few individuals and groups are making wrong use of technologies for the sake of their own
benefit. So the major issue which is faced by businesses is cybersecurity. Thus it
is important for businesses to improve their cyber resilience, as it consists of the notion
that a business is required to be flexible and responsive to cyber attacks. As per the
detailed evaluation of the project it has also been determined that businesses are also
required to implement high-tech security in their online operations for the purpose of
providing assurance to customers about the safety of their personal data. Therefore,
businesses are concerned with developing an information management strategy for the purpose of
reducing the chance of information breach and cyber attacks, as these affect the overall
functions and operations of the business.
The present study is effective in exploring knowledge regarding the area of implementing
information security management strategy to reduce the threats of data breaches and
cyber-attacks to improve customer confidence in the UK retail sector. The scope of the study
is wide, as it is effective in providing in-depth knowledge regarding the effectiveness of
information security management strategy in reducing data breach and cyber attacks. This study
is therefore useful for attempting future projects in a more effective manner, as the
developed knowledge would assist in the right direction.
References
Books and Journals
Abawajy, J., 2014. User preference for cybersecurity awareness delivery methods. Behaviour &
Information Technology. 33(3). pp.237-248.
Ahmad, A., Maynard, S. B. and Park, S., 2014. Information security strategies: towards an
organizational multi-strategy perspective. Journal of Intelligent Manufacturing. 25(2).
pp.357-370.
Aleem, A., Wakefield, A. and Button, M., 2013. Addressing the weakest link: Implementing
converged security. Security Journal. 26(3). pp.236-248.
Bendovschi, A., 2015. Cyber-attacks–trends, patterns and security countermeasures. Procedia
Economics and Finance. 28. pp.24-31.
Carcary, M., 2013. IT risk management: A capability maturity model perspective. Electronic
Journal of Information Systems Evaluation. 16(1). p.3.
Chen, P., Desmet, L. and Huygens, C., 2014, September. A study on advanced persistent threats.
In IFIP International Conference on Communications and Multimedia Security (pp. 63-
72). Springer, Berlin, Heidelberg.
Damenu, T. K. and Balakrishna, C., 2015, September. Cloud security risk management: A
critical review. In 2015 9th International Conference on Next Generation Mobile
Applications, Services and Technologies (pp. 370-375). IEEE.
Fielder, A. et al., 2014, June. Game theory meets information security management. In IFIP
International Information Security Conference (pp. 15-29). Springer, Berlin,
Heidelberg.
Gou, Q. et al., 2013, August. Construction and strategies in IoT security system. In 2013
IEEE international conference on green computing and communications and IEEE
internet of things and IEEE cyber, physical and social computing (pp. 1129-1132).
IEEE.
Hiller, J. S. and Russell, R. S., 2013. The challenge and imperative of private-sector
cybersecurity: An international comparison. Computer Law & Security Review. 29(3).
pp.236-245.
Jouini, M., Rabai, L. B. A. and Aissa, A. B., 2014. Classification of security threats in
information systems. Procedia Computer Science. 32. pp.489-496.
Kozik, R. and Choraś, M., 2013, September. Current cybersecurity threats and challenges in
critical infrastructures protection. In 2013 Second International Conference on
Informatics & Applications (ICIA) (pp. 93-97). IEEE.
Kulikova, O. et al., 2012, December. Cyber Crisis Management: A decision-support
framework for disclosing security incident information. In 2012 International
conference on cybersecurity (pp. 103-112). IEEE.
Lanz, J., 2014. Cybersecurity governance: The role of the audit committee and the CPA. The
CPA Journal. 84(11). p.6.
Mahmood, T. and Afzal, U., 2013, December. Security analytics: Big data analytics for
cybersecurity: A review of trends, techniques and tools. In 2013 2nd national
conference on Information assurance (ncia) (pp. 129-134). IEEE.
Mengke, Y. et al., 2016. Challenges and solutions of information security issues in the age of
big data. China Communications. 13(3). pp.193-202.
Nazareth, D. L. and Choi, J., 2015. A system dynamics model for information security
management. Information & Management. 52(1). pp.123-134.
Shim, W., 2012. An analysis of information security management strategies in the presence of
interdependent security risk. Asia Pacific Journal of Information Systems. 22(1). pp.79-
101.
Soomro, Z. A., Shah, M. H. and Ahmed, J., 2016. Information security management needs a
more holistic approach: A literature review. International Journal of Information
Management. 36(2). pp.215-225.
Tosh, D. K. et al., 2017, October. Three-layer game-theoretic decision framework for cyber-
investment and cyber-insurance. In International Conference on Decision and Game
Theory for Security (pp. 519-532). Springer, Cham.
Tounsi, W. and Rais, H., 2018. A survey on technical threat intelligence in the age of
sophisticated cyber attacks. Computers & security. 72. pp.212-233.
UcedaVelez, T. and Morana, M. M., 2015. Risk centric threat modelling. John Wiley & Sons,
New York, USA.
Von Solms, R. and Van Niekerk, J., 2013. From information security to cybersecurity.
Computers & security. 38. pp.97-102.
Wang, T., Kannan, K. N. and Ulmer, J. R., 2013. The association between the disclosure and the
realization of information security risk factors. Information Systems Research. 24(2).
pp.201-218.
Young, D. et al., 2016. A framework for incorporating insurance in critical infrastructure
cyber risk strategies. International Journal of Critical Infrastructure Protection. 14.
pp.43-57.
Online
Groot, J. D., 2019. What is Cyber Resilience? [Online]. Available Through:
<https://digitalguardian.com/blog/what-cyber-resilience>.
LaSalle, R., 2018. Cyber resilience: a five-point plan. International Journal of Critical
Infrastructure Protection. [Online]. Available Through:
<https://www.telegraph.co.uk/business/essential-insights/cyber-security-tips/>.
Petru, A., 2014. Can Companies Restore Consumer Confidence After a Data Breach? [Online].
Available Through: <http://www.triplepundit.com/story/2014/can-companies-restore-
consumer-confidence-after-data-breach/58451>.
Bell, T., 2018. What is cyber resilience? Building cybersecurity shock absorbers for the
enterprise. [Online]. Available Through:
<https://www.csoonline.com/article/3269726/what-is-cyber-resilience-building-
cybersecurity-shock-absorbers-for-the-enterprise.html>.
Adegeest, D., 2016. Cyber crime a major threat to retail. [Online]. Available Through:
<https://fashionunited.uk/news/retail/cyber-crime-a-major-threat-to-retail-industry/
2016080321287>.
Epsilon data breach: Marks & Spencer customers' emails stolen. [Online]. Available Through:
<https://www.theguardian.com/technology/2011/apr/06/epsilon-email-hack-marks-
spencer>.
Marks & Spencer data compromise not a hack. [Online]. Available Through:
<https://www.scmagazineuk.com/marks-spencer-data-compromise-not-hack/article/
1479418>.