On 2 March 2026, the National Cyber Security Centre published an alert advising UK organisations to review their cyber security posture in response to the escalating conflict in the Middle East. The advisory is measured in tone but unambiguous in its message: geopolitical instability creates cyber risk, and organisations must act now to protect themselves.
Source: NCSC Alert: Advises UK organisations to take action following conflict in the Middle East — Published 2 March 2026
What the NCSC Has Said
The advisory identifies three key threat assessments. First, while there is likely no current significant change in the direct cyber threat from Iran to the UK, the NCSC acknowledges that this assessment may change rapidly given the fast-evolving nature of the conflict. Second, there is almost certainly a heightened risk of indirect cyber threat for organisations with a presence, or supply chains, in the Middle East. Third, Iranian state and Iran-linked cyber actors almost certainly maintain at least some capability to conduct cyber activity.
The language is deliberately calibrated. 'Almost certainly' sits at the top of the NCSC's probability scale. This is not speculation. It is a formal intelligence assessment.
Who Is at Risk
The advisory is aimed at three primary audiences: cyber security professionals, large organisations, and public sector bodies. However, the implications extend further. Any organisation with the following characteristics should consider itself exposed:
- Supply chain links to the Middle East: Including vendors, partners, or clients operating in the region
- Critical National Infrastructure operators: Energy, water, transport, healthcare, and financial services
- Organisations holding sensitive data: Legal, financial, governmental, or personal records
- Entities with public-facing digital services: Vulnerable to DDoS campaigns and hacktivism
The Specific Threats Identified
The NCSC references three distinct attack vectors that organisations should prepare for:
DDoS Attacks: Iran-linked hacktivist groups have a documented history of launching distributed denial-of-service campaigns against UK organisations. These attacks disrupt online services and are often used for political signalling rather than data theft. The NCSC points to its previous advisory on pro-Russia hacktivist activity as a reference point, indicating that similar tactics are expected from Iran-linked groups.
Phishing Activity: State-sponsored phishing campaigns are a well-documented Iranian capability. The NCSC and US counterparts have previously issued a joint advisory warning of targeted spear-phishing operations conducted on behalf of the Iranian state. These campaigns typically target individuals with access to sensitive information or critical systems.
Industrial Control Systems Targeting: Perhaps the most concerning reference is to CISA's advisory on ICS targeting, which details Iranian cyber actors' capabilities against operational technology environments. This includes water treatment facilities, energy infrastructure, and manufacturing systems.
What Organisations Should Do Now
The NCSC recommends several immediate actions:
- Review your risk posture: Assess exposure to both direct and indirect threats from the conflict
- Increase monitoring: Expand surveillance of network activity and threat indicators
- Review your external attack surface: Identify and remediate internet-facing vulnerabilities
- Sign up to the NCSC Early Warning service: Receive timely notifications of security issues affecting your networks
- Report any concerning activity: Use the NCSC's incident reporting service to flag suspicious behaviour
For Critical National Infrastructure operators, the NCSC points to its comprehensive guidance on preparing for severe cyber threats, recommending organisations review this proactively rather than reactively.
Why This Matters for Data Protection
Every recommendation in the advisory assumes that your systems remain connected. Increase monitoring. Review attack surfaces. Patch vulnerabilities. These are necessary steps, but they all operate within the same paradigm: defending connected systems against determined attackers.
The fundamental problem is that connected systems are, by definition, reachable. A state-sponsored actor with sufficient motivation and resources can eventually find a way through any online defence. The NCSC itself acknowledges that these threat assessments are 'subject to change', meaning the risk can escalate without warning.
This is precisely the scenario that physical disconnection addresses. Data stored on a Firevault system is not connected to the internet. It has no IP address. It cannot be reached by DDoS attacks, phishing campaigns, or ICS exploitation tools. It does not appear on any external attack surface review because it has no external surface.
The Physical Disconnection Advantage
Consider the three threat vectors the NCSC identifies:
- DDoS attacks require a network endpoint to flood. Firevault systems have no network endpoint.
- Phishing campaigns aim to steal credentials for online systems. Firevault systems are not online systems.
- ICS targeting exploits internet-connected control interfaces. Firevault storage has no internet-connected interface.
This is not a software solution. It is a physical architecture. The storage drives sit in secure Firevault Bunkers, physically disconnected from any network. Connection occurs only when the owner initiates it through a controlled, time-limited process.
The Broader Lesson
The NCSC advisory is a reminder that cyber threats do not exist in isolation. They are shaped by geopolitics, by conflict, by the strategic interests of nation states. Organisations cannot predict when the next escalation will occur or which sector will be targeted.
What they can control is which data remains exposed when that escalation happens. For the information that matters most, the information that your organisation cannot afford to lose or have exposed, the safest position is physical disconnection. Not firewalls. Not encryption. Not monitoring. Physical, verifiable, permanent disconnection from every network that an attacker could traverse.
Key Takeaways
- The NCSC has issued a formal alert advising UK organisations to review their cyber security posture in response to the Middle East conflict
- Iranian state-linked actors maintain active cyber capabilities including DDoS, phishing, and ICS targeting
- Organisations with Middle East supply chain links face heightened risk and should increase monitoring immediately
- Connected defences have inherent limitations because they assume the system remains reachable
- Physical disconnection eliminates the attack surface entirely, making Firevault storage unreachable by any network-based threat vector



