How does Firevault protect against ransomware?

Firevault protects against ransomware by physically disconnecting your data from the internet. Ransomware can only encrypt data it can reach over a network. When your data is stored offline in a Firevault, ransomware attacks cannot reach it. Even if your entire network is compromised, your offline vault remains untouched and intact.

How much does Firevault cost?

Firevault Vault starts from £75 per month (inc VAT) for individuals. Business Storage starts from £360 per month (inc VAT). Enterprise Platform pricing is available on request. All plans include hardware encryption, identity verification, and physical disconnection by default.

Who is Firevault designed for?

Firevault is designed for individuals protecting passports, wills and crypto keys; professionals such as solicitors, accountants and consultants protecting client data; SMEs and businesses protecting crown jewel data; and regulated industries including healthcare, financial services and legal sectors requiring offline backup for compliance with GDPR, NIS2, DORA and FCA regulations.

Is Firevault GDPR compliant?

Yes. Firevault is designed to support GDPR compliance by keeping sensitive personal data physically isolated and offline. Physical disconnection ensures data is not exposed to network-based attacks, supports data minimisation principles, and provides an audit trail of access. Firevault is also designed to support NIS2, DORA, FCA and SRA compliance requirements.

What is a physical air gap?

A physical air gap is a security measure where a computer or storage device is completely isolated from the internet and all unsecured networks. Unlike a logical or software air gap, a physical air gap cannot be bridged remotely. Firevault uses a Layer 1 physical air gap — your data is stored on hardware that is physically disconnected from any network when not in active use.

Back to Guides

Guidesintermediate

Board Director's Guide

Q: What is offline secure storage?

Offline secure storage (OSS) is a data protection method where data is physically disconnected from the internet when not in use. Unlike cloud storage, data stored offline has zero remote attack surface — it cannot be hacked, ransomed or accessed remotely because it is not connected to any network. Firevault provides this through hardware-encrypted vaults that are physically isolated.

A governance guide for directors with fiduciary responsibility for cyber risk. Learn how offline secure storage protects your organisation and your personal liability.

12 min read

Executive Summary

Who this guide is for: Board Directors, Non-Executive Directors, and Audit Committee members with governance responsibility for cyber risk.

What you will learn: Why offline secure storage is a governance priority, what questions to ask management, and how to oversee its implementation.

Key takeaway: Directors face increasing personal liability for cyber incidents. Regulators and courts expect boards to understand and oversee material cyber risks, not just delegate them.

The Governance Context

Cyber risk is now a board-level concern:

94% of breaches target executive-level information
Average breach cost when board data is compromised: £4.7 million
D&O insurance claims due to cyber have increased 40% year-on-year
Maximum ICO director personal liability: £500,000

Your Fiduciary Duty

As a director, you have a duty to:

Understand material cyber risks facing the organisation
Ensure appropriate controls are in place
Oversee management's response to incidents
Protect shareholder value from cyber events

You do not need to be a technical expert. You need to ask the right questions and ensure satisfactory answers.

What is Offline Secure Storage?

Offline secure storage removes your most sensitive data from online exposure:

Physically disconnected: Not reachable from the internet
Dedicated hardware: No shared infrastructure
Controlled access: Identity verification and time-boxed sessions
Owned by you: Not a third-party service

If it is offline and disconnected, it cannot be scanned, stolen, or ransomed.

What Data Should Be Protected?

Board-level data that warrants offline protection:

M&A documents and strategic plans
Board papers and minutes
Executive compensation and succession plans
Intellectual property and trade secrets
Customer and employee personal data

Questions to Ask Management

When reviewing cyber risk, ask:

Which data would cause existential harm if breached?
How is that data protected from ransomware?
Can our backups be encrypted alongside production systems?
Do we have proven offline recovery capability?
What is our evidence for regulators and insurers?

Governance Framework

Effective cyber governance includes:

Risk appetite: Define acceptable exposure levels
Regular reporting: Cyber metrics in board packs
Incident response: Board role in major incidents
Investment oversight: Approve cyber protection spend

Liability Protection

Demonstrable controls reduce personal liability:

Evidence of board oversight reduces negligence claims
Documented risk assessment supports D&O insurance
Offline storage is auditable and verifiable

Implementation Oversight

When approving offline storage investment:

Review the business case: Risk reduction and compliance benefits
Approve budget: Proportionate to risk exposure
Monitor implementation: Progress reports to board
Verify completion: Evidence of operational status

Frequently Asked Questions

Is this just IT's responsibility? No. Cyber risk is a material business risk requiring board oversight.

How do I evaluate this without technical expertise? Focus on risk, cost, and evidence. Ask if controls are demonstrable to regulators.

What is the cost? Proportionate to data value and risk exposure. Far less than the cost of a major breach.

Next Steps

If you have governance responsibility for cyber risk and want to understand how offline secure storage protects your organisation (and your personal liability), request an executive briefing.