Cost of Paying Ransoms: Why Payers Still Lose
Paying a ransom does not end a ransomware incident. It begins a longer, more expensive, and more damaging process that organisations without recovery independence are forced into. Understanding the true cost changes the calculation entirely.
The Ransom Is Not the Cost
When organisations evaluate ransomware risk, they often frame it as a financial calculation: the cost of paying versus the cost of not paying. This framing is fundamentally wrong because the ransom payment is the smallest component of the total cost.
Research consistently shows that the total cost of a ransomware incident for organisations that pay the ransom is two to three times higher than for organisations that recover independently. Paying does not end the incident. It extends it.
The True Cost Breakdown
The Ransom Payment
The median ransom payment for UK organisations in 2024 exceeded £200,000. But this is the beginning, not the end, of the financial impact.
Recovery Costs After Payment
Paying the ransom does not restore your systems. Decryption tools provided by attackers are notoriously unreliable, with success rates often below 65%, and even a decryptor that works is typically slow and prone to corrupting files. Payment also does nothing to evict the attacker: the initial access, persistence and stolen credentials that enabled the encryption remain in place until the environment is rebuilt or cleaned. Organisations that pay therefore typically still need to rebuild significant portions of their infrastructure from backups or from scratch.
Extended Downtime
Organisations that pay ransoms experience average downtime of 22 days. Organisations that recover from offline backups, using credentials and procedures held offline, average 5 to 7 days. The additional downtime directly translates to lost revenue, productivity, and customer trust.
Repeat Targeting
Organisations that pay are 80% more likely to be attacked again within 12 months. Attackers share intelligence about which organisations pay, creating a target list that circulates through criminal networks.
Regulatory Consequences
The ICO does not treat ransom payment as a mitigating factor; the ICO and the NCSC have said so jointly, and the obligation to notify a reportable personal data breach within 72 hours applies whether or not a ransom is paid. Payment may in fact attract additional scrutiny, particularly if it involves transferring funds to sanctioned entities. The Office of Financial Sanctions Implementation (OFSI) has issued guidance making clear that ransom payments to sanctioned groups may constitute a criminal offence.
Insurance Implications
Many cyber insurance policies now exclude or limit ransom payment coverage. Policies that do cover ransoms may require evidence that the organisation exhausted all recovery alternatives before payment, making recovery independence a prerequisite for claims.
Why Organisations Pay Anyway
Organisations do not pay ransoms because it is a good decision. They pay because they have no alternative. Their recovery credentials are encrypted. Their procedures are inaccessible. Their backup systems require authentication through compromised infrastructure. Payment is not a strategy. It is the absence of one.
The Recovery Independence Alternative
Every reason organisations pay ransoms traces back to the same root cause: recovery dependency on connected systems. Eliminate this dependency, and the ransom calculation changes fundamentally:
- Recovery credentials offline: Your team can reach backup systems and cloud consoles even when the identity provider that normally gates them is encrypted or compromised
- Procedures offline: Your team knows exactly what to do, in what order, because the playbook survived the attack
- Communication offline: Your team can coordinate without depending on corporate email or messaging
When recovery is possible without paying, the ransom demand becomes irrelevant. The attacker's leverage evaporates.
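The dependency described above, a backup console that can only be reached through the identity provider it is supposed to restore, is easiest to spot by modelling the runbook as a graph and asking which steps are still reachable when every online system is assumed lost. The following is an added example, not code from the original page or from Firevault; the step names, asset names and both scenarios are constructed for illustration.

```python
"""Recovery-dependency check: can the runbook complete if every online
system is assumed encrypted, starting only from assets that survive offline?

Added example; the steps and asset names below are constructed, not taken
from any real runbook.
"""

from dataclasses import dataclass


@dataclass(frozen=True)
class Step:
    name: str
    requires: frozenset  # assets that must be usable before this step runs
    provides: frozenset  # assets this step makes usable once complete


def plan_recovery(steps, surviving_assets):
    """Schedule steps whose inputs are available, starting from the assets
    that survive the attack. Returns (ordered step names, blocked steps with
    the assets they are still missing). A non-empty blocked dict means the
    runbook depends on something the attacker could have taken away."""
    available = set(surviving_assets)
    pending = list(steps)
    order = []
    while True:
        runnable = [s for s in pending if s.requires <= available]
        if not runnable:
            break
        for s in runnable:
            order.append(s.name)
            available |= s.provides
            pending.remove(s)
    blocked = {s.name: sorted(s.requires - available) for s in pending}
    return order, blocked


def recovery_is_independent(steps, surviving_assets, goal="production_services"):
    """True if the goal asset is reachable without any online-only asset."""
    available = set(surviving_assets)
    for s in steps:
        if s.name in plan_recovery(steps, surviving_assets)[0]:
            available |= s.provides
    return goal in available


# Constructed runbook. Note the cycle: the backup admin password lives in a
# vault that authenticates via Active Directory, but AD itself is restored
# from the backup console that password unlocks.
STEPS = [
    Step("fetch_creds_from_vault", frozenset({"active_directory"}),
         frozenset({"backup_admin_credentials"})),
    Step("backup_console_login", frozenset({"backup_admin_credentials"}),
         frozenset({"backup_console_access"})),
    Step("cloud_console_login", frozenset({"cloud_breakglass_credentials"}),
         frozenset({"cloud_console"})),
    Step("restore_ad", frozenset({"backup_console_access", "backup_media"}),
         frozenset({"active_directory"})),
    Step("restore_workloads",
         frozenset({"active_directory", "cloud_console", "backup_media"}),
         frozenset({"production_services"})),
]

# Scenario A: only the immutable backup media survives; every credential
# was in an online vault behind AD single sign-on.
DEPENDENT_SURVIVORS = {"backup_media"}

# Scenario B: the same media plus break-glass credentials held offline.
INDEPENDENT_SURVIVORS = {
    "backup_media",
    "backup_admin_credentials",
    "cloud_breakglass_credentials",
}


if __name__ == "__main__":
    for label, survivors in (("dependent", DEPENDENT_SURVIVORS),
                             ("independent", INDEPENDENT_SURVIVORS)):
        order, blocked = plan_recovery(STEPS, survivors)
        print(f"{label}: order={order}")
        for step, missing in blocked.items():
            print(f"  blocked {step}: missing {missing}")
        print(f"  recovery independent: {recovery_is_independent(STEPS, survivors)}")
```

In scenario A every step is blocked and the missing-asset list shows the circular dependency directly (restore_ad needs the console, the console needs the credentials, the credentials need AD). Moving two credentials into offline storage, scenario B, is the only change, and the whole runbook schedules. Running this check against a real runbook, with the honest assumption that anything reachable from the production network is lost, is a cheap way to find the dependency before an attacker does.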
The Numbers
- Average total cost with payment: £1.2 million (ransom plus recovery plus downtime plus consequential losses)
- Average total cost with independent recovery: £340,000 (recovery effort plus limited downtime)
- Annual cost of offline secure storage: A fraction of either figure
Conclusion
Paying a ransom is not a recovery strategy. It is the most expensive, least reliable, and most damaging option available. Recovery independence through offline secure storage eliminates the need to pay by ensuring that the credentials, procedures, and documentation needed for recovery survive any attack. The investment in prevention is a fraction of the cost of capitulation.
Put this guide into practice
Ready to apply what you have learned? Explore how Firevault delivers the offline protection covered in this guide.