What is offline secure storage?

Offline secure storage (OSS) is a data protection method where data is physically disconnected from the internet when not in use. Unlike cloud storage, data stored offline has zero remote attack surface — it cannot be hacked, ransomed or accessed remotely because it is not connected to any network. Firevault provides this through hardware-encrypted vaults that are physically isolated.

How does Firevault protect against ransomware?

Firevault protects against ransomware by physically disconnecting your data from the internet. Ransomware can only encrypt data it can reach over a network. When your data is stored offline in a Firevault, ransomware attacks cannot reach it. Even if your entire network is compromised, your offline vault remains untouched and intact.

How much does Firevault cost?

Firevault Vault starts from £75 per month (inc VAT) for individuals. Business Storage starts from £360 per month (inc VAT). Enterprise Platform pricing is available on request. All plans include hardware encryption, identity verification, and physical disconnection by default.

Who is Firevault designed for?

Firevault is designed for individuals protecting passports, wills and crypto keys; professionals such as solicitors, accountants and consultants protecting client data; SMEs and businesses protecting crown jewel data; and regulated industries including healthcare, financial services and legal sectors requiring offline backup for compliance with GDPR, NIS2, DORA and FCA regulations.

Is Firevault GDPR compliant?

Yes. Firevault is designed to support GDPR compliance by keeping sensitive personal data physically isolated and offline. Physical disconnection ensures data is not exposed to network-based attacks, supports data minimisation principles, and provides an audit trail of access. Firevault is also designed to support NIS2, DORA, FCA and SRA compliance requirements.

What is a physical air gap?

A physical air gap is a security measure where a computer or storage device is completely isolated from the internet and all unsecured networks. Unlike a logical or software air gap, a physical air gap cannot be bridged remotely. Firevault uses a Layer 1 physical air gap — your data is stored on hardware that is physically disconnected from any network when not in active use.

Back to Guides

Insurancebeginner

Cyber Insurance and Physical Controls

Cyber insurers are increasingly differentiating between organisations that rely solely on software controls and those that implement physical governance. Understanding this shift can reduce premiums and improve coverage terms.

9 min read

The Insurance Market Is Changing

The cyber insurance market has undergone significant hardening since 2020. Premiums have increased, coverage has narrowed, and underwriters are asking increasingly specific questions about security controls. The era of broad, affordable cyber insurance without rigorous scrutiny is over.

What has changed most significantly is what underwriters consider adequate. Software-based security controls that were sufficient for policy issuance five years ago are now viewed as baseline expectations. Insurers are looking for differentiation, and physical controls provide exactly that.

What Underwriters Are Asking

Modern cyber insurance applications increasingly include questions about:

Whether backup credentials are stored separately from production systems
Whether recovery procedures exist offline and have been tested
Whether privileged access is governed with controls beyond software-based PAM
Whether the organisation maintains air-gapped copies of critical recovery assets
Whether incident response plans are accessible during a total system compromise

Each of these questions maps directly to capabilities that OSS provides. Organisations that can answer "yes" with evidence of physical controls are positioned for more favourable terms.

The Premium Impact

While premium reductions vary by insurer and risk profile, organisations that demonstrate physical governance controls typically benefit from:

Lower deductibles: Insurers may reduce self-insured retention amounts for organisations with demonstrably stronger controls
Broader coverage: Physical controls may qualify organisations for coverage extensions that are unavailable to those relying solely on software controls
Simplified renewal: A strong control posture reduces the scrutiny and documentation required at renewal
Claims advantage: In the event of a claim, documented physical controls strengthen the organisation's position during the claims process

Evidence That Insurers Value

Insurers are evidence-driven. The following documentation strengthens your insurance position:

Crown Jewels Register: A documented inventory of critical assets with proportionate protection measures
Offline access logs: Tamper-evident records demonstrating regular governance of offline assets
Recovery test results: Documented exercises demonstrating that recovery credentials were accessed and validated from offline storage
Governance procedures: Written policies for offline asset management, including update schedules and access controls

The Claims Perspective

Physical controls also strengthen your position in the event of a claim. Organisations that can demonstrate they maintained offline recovery credentials are more likely to recover quickly, reducing the total claim value. Faster recovery means lower business interruption costs, which benefits both the organisation and the insurer.

Additionally, demonstrating that certain data was stored in physically disconnected systems can reduce the scope of a data breach, potentially limiting notification obligations and associated costs.

Practical Steps

Review your current policy. Identify security control requirements and assess which can be strengthened through physical controls.
Brief your broker. Ensure your insurance broker understands and can articulate your physical governance capabilities to underwriters.
Document everything. Create an evidence pack demonstrating your OSS governance, including access logs, test results, and governance procedures.
Align renewal timing. Implement physical controls ahead of your renewal cycle to maximise premium impact.

Conclusion

Cyber insurance is a risk transfer mechanism, not a security strategy. But the insurance market increasingly rewards organisations that demonstrate genuine governance maturity. Physical controls through OSS provide the tangible, evidence-based differentiation that underwriters are actively looking for.