Offline by default: what the UK’s 2025 Breaches Survey really means for leaders
The UK Government’s Cyber Security Breaches Survey 2025 is a useful reality check for anyone responsible for risk, data, or continuity.
Four in ten businesses (43%) and three in ten charities (30%) identified a breach or attack in the last 12 months. That equates to about 612,000 UK businesses and 61,000 charities being hit in a single year.
That headline hides three problems that leaders cannot ignore:
1) Exposure is constant, even when the numbers look “better”
Prevalence fell from 50% in 2024 to 43% in 2025, largely because fewer micro and small firms spotted phishing. Medium and large organisations remain heavily targeted at 67% and 74% respectively. So risk has not gone away. It has concentrated where the impact is largest.
2) Controls are uneven and leave gaps attackers can exploit
Basic measures like malware protection, firewalls and backups are common, but adoption of stronger controls is still too low. Only 40% of businesses use any form of two-factor authentication, 31% use a VPN for remote staff, and 30% monitor user activity.
3) Supply chains remain a blind spot
Only 14% of businesses review cyber risks in their immediate suppliers, and just 7% look at the wider supply chain. Even among large firms, only a quarter review wider supply chains. This is the same fault line attackers abused repeatedly in 2024–25.
Governance trend to watch
Board responsibility for cyber is 27% across all businesses, rising to 66% in large firms. That still leaves most companies without explicit senior ownership of cyber risk, which slows decision-making when incidents hit.
What “offline by default” changes
Most organisations accept permanent connectivity, then try to detect and recover fast enough. The survey shows where that breaks down: ransomware pressure, supplier weaknesses, and disruption even when “little” is taken.
Offline by default flips the equation. If your crown-jewel data is physically disconnected and identity-locked when not in use:
- Ransomware cannot reach or encrypt the master copy.
- Supplier outages and cloud incidents do not take your anchor data down.
- Insider mistakes have a smaller blast radius because the source of truth is offline.
You still use online tools, but your most valuable assets live elsewhere: physically isolated until you choose to connect.
A five-step plan for boards
- Classify what must never be online. Board packs, contracts, customer PII, IP, seed files, keys. Decide that these live offline by default.
- Adopt 3-2-1-0. Three copies, on two different media, with one copy off-site, and zero permanent online exposure for the master.
- Make “offline %” a KPI. Track the share of sensitive files stored offline by default. Report it quarterly like any other risk metric.
- Hard-gate access. Enforce MFA, least privilege and time-boxed sessions when you bring data online for use. Return it offline when finished. The survey shows MFA is still under-used. Close that gap.
- Fix the supply-chain weakness. Require offline custody for partners that touch your crown-jewel data. Build it into contracts and due diligence. The current rates of supplier review are not enough.
How Firevault implements offline by default
Firevault is a secured offline data storage platform built around three pillars:
- Controlled Connectivity — you decide when systems connect.
- Secured Offline Access — identity-locked access with strong MFA, short windows, full audit.
- Secured Offline Data — files are physically disconnected when idle.
Think of our Vault as a digital safe deposit box for directors, investors, legal teams, creators and anyone who cannot afford a leak or lockout. Access is intentional and brief. When work is done, assets go back offline.
For teams and enterprises, Storage and our platform modules support offline custody for regulated datasets, board information, and recovery anchors, so you can keep operations moving even when suppliers or clouds fail.
The takeaway
The Breaches Survey shows some progress on hygiene, but it also shows persistent exposure, weak supply-chain oversight and patchy adoption of stronger controls. Do not accept permanent risk as the price of doing business. Reduce exposure first. Detect and respond second.
Read the full UK Government report to review the data for yourself.
If you want a practical roadmap to go offline by default for your most valuable data, speak with the Firevault team. We will help you decide what to take offline first and show how to keep it accessible on your terms.