ICO Imposes Fine for Data Breach: A Wake-Up Call for Security
The Information Commissioner's Office (ICO) has issued a significant fine following a serious data breach. This enforcement action underscores the critical importance of robust cybersecurity measures for all organisations handling personal data.

Mark Fermor
Director & Co-Founder, Firevault

What Has Changed
The Information Commissioner's Office (ICO) recently announced a substantial monetary penalty against an organisation for failing to implement appropriate technical and organisational measures to protect personal data. This enforcement action stemmed from a successful cyber attack that led to unauthorised access and exfiltration of a significant volume of personal data, including sensitive categories. The ICO's investigation highlighted deficiencies in the organisation's security posture, specifically regarding patch management, multi-factor authentication, and intrusion detection systems.
While the underlying legislation, the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, remains unchanged, this enforcement action serves as a clear reinforcement of the ICO's commitment to holding organisations accountable for data security failures. It demonstrates a continued focus on proactive security measures rather than simply reactive incident response.
Who Is Affected
This development affects virtually all organisations operating within the United Kingdom that process personal data. This includes businesses of all sizes, from small and medium-sized enterprises to large corporations, across all sectors. Any entity that collects, stores, or otherwise handles personal information of UK residents is subject to the UK GDPR and, consequently, to the scrutiny of the ICO. The nature of the data breached in this particular case (sensitive personal data) further emphasises that organisations dealing with health records, financial information, or other highly personal details face even greater expectations regarding their security provisions.
Practical Implications
The practical implications for businesses are significant and multi-faceted. Firstly, organisations must conduct thorough and regular risk assessments to identify vulnerabilities in their IT infrastructure and data processing activities. Secondly, they must implement and maintain a comprehensive suite of technical and organisational security measures commensurate with the risks identified. This includes, but is not limited to, robust access controls, encryption, regular security audits, employee training, and a well-defined incident response plan.
Failure to demonstrate these measures can lead to not only substantial fines, as seen in this case, but also significant reputational damage, loss of customer trust, and potential legal challenges from affected individuals. Furthermore, the ICO expects organisations to be able to demonstrate accountability, meaning they must be able to evidence their compliance efforts.
How Physical Air Gap Storage Helps
Physical air gap storage offers a unique and highly effective way for organisations to bolster their data protection strategy and mitigate the risks highlighted by this ICO enforcement action. By physically isolating critical data from networked systems, an air gap removes the network path that threats such as ransomware, malware, and sophisticated hacking attempts rely on to reach the data, creating a barrier those threats cannot cross.
For organisations holding sensitive backups or archival data, a physical air gap ensures that even if the organisation's primary online systems are compromised, the air-gapped data remains secure and untouched. This provides an invaluable last line of defence, enabling swift recovery and business continuity. It directly addresses the ICO's expectation for robust technical measures by offering a security paradigm that no software or network-based solution can replicate. It significantly reduces the attack surface for the most critical data assets, thereby enhancing an organisation's overall security posture and demonstrating a proactive approach to data protection.
Key Takeaways
- The ICO continues to enforce data protection regulations rigorously, with a particular focus on cybersecurity failures.
- All organisations handling personal data in the UK are obligated to implement appropriate technical and organisational security measures.
- Failure to protect personal data can result in substantial financial penalties and reputational harm.
- Proactive security strategies, including robust risk assessments and the implementation of advanced security controls, are essential.
- Physical air gap storage provides unparalleled protection for critical data, acting as a crucial safeguard against sophisticated cyber attacks and helping organisations meet regulatory compliance requirements for data integrity and availability.
