01
Knowledge doesn't survive pressure
People know the policy. They've passed the quiz. But when speed, authority, or ambiguity shows up, knowledge alone isn't enough. Behaviour under pressure is a different thing entirely.
Behavioural security intelligence
Measure.
Change.
Measure again.
Find out what your people actually do under pressure.
Most organisations measure security awareness. Very few measure security behaviour. Instinct Lab gives you the data your board needs: how your people recognise risk, make decisions, and respond when it matters. Then we partner with The Cyber Escape Room Co. to put teams through experiences that change behaviour, and we measure again so you can prove it moved.
Mapped toDORA·NIS2·NIST CSF·ISO 27001·CAF·Cyber Essentials Plus
The problem
Awareness scores look great.
Breaches keep happening.
Training completion rates tell you who showed up. They don't tell you who'd make the right call at 4pm on a Friday with a deadline breathing down their neck.
02
Leadership sees a different picture
Executives often rate security culture 15 to 25 points higher than staff experience. That gap is invisible until you measure both sides, and it's where risk builds.
03
Compliance isn't behaviour
Regulators are moving beyond "did you train them?" toward "can you evidence how they behave?" DORA, NIS2, and ISO all expect behavioural proof. Completion certificates aren't it.
The programme
A three-act programme, designed to be defensible.
Act one
Measure
We baseline cyber behaviour across your organisation using the Security Instinct Index and Security Behaviour Index. Two views of the same staff data: how people perceive your security culture, and how they actually behave when something looks wrong. Triangulated with an executive baseline so you see the gap between what leadership thinks is happening and what is.
Act two
Change
We partner with The Cyber Escape Room Co. on the engagement layer. Immersive, scenario-led experiences that put teams under realistic pressure. People don't learn cyber instincts from slides. They build them by making decisions with visible consequences, and each scenario is wired to the behaviours your baseline flagged.
Act three
Measure again
Three to six months after intervention, we re-measure. Same instrument, same cohorts, same methodology version. You get a dated, defensible delta: what shifted, what didn't, where to invest next. That's what makes the programme accountable rather than aspirational.
Methodology
Two indices.
One honest picture.
The Security Instinct Index is your organisation's behavioural narrative: a composite across Engagement, Culture, Awareness, and Instinct. The Security Behaviour Index is the evidence layer: five measurable behaviours, each mapped to specific regulatory requirements. The space between the two indices is where most behaviour-change programmes either prove themselves or quietly fail.
Full methodologySIIIndex
Security Instinct Index
The narrative view. Four pillars, calibrated against the behaviours that actually predict secure decision-making under pressure.
- Engagement
- Do people care enough to pay attention?
- Culture
- How security shows up between training sessions
- Awareness
- Can people recognise risk in real time?
- Instinct
- Speed and quality of behaviour under pressure
SBIIndex
Security Behaviour Index
The evidence layer. Five secure behaviours, each independently scored and mapped to specific regulatory clauses.
- Risk Recognition
- Spotting what's wrong before it goes wrong
- Secure Decision Making
- Defaults under speed and pressure
- Reporting
- Surfacing anomalies without hesitation
- Authentication & Credentials
- The unglamorous discipline
- Psychological Safety
- Foundation for the other four
Engagement partner
People build cyber instincts under pressure.
Not under fluorescent lights.
The change layer of the programme is delivered by The Cyber Escape Room Co. Immersive scenarios that put teams in the moment a real incident happens. A power station compromised mid-shift. A heist unfolding on a moving train. A Victorian mystery with a modern data breach.
Each scenario is wired to the behaviours your baseline flagged. Teams make decisions with visible consequences. The right instincts stick because they were earned, not memorised.
Visit The Cyber Escape Room Co.The Break In
A high-pressure cyber incident at a fictional power station. Teams race to contain the breach before the reactor goes critical.
The Heist
A scenario set on a moving train. Thirty minutes to spot what's wrong, decide who to trust, and stop the data leaving the carriage.
Elementary
A Victorian-era mystery with a modern cyber twist. Teams piece together clues to uncover the data breach behind the scandal.
Continuous intelligence
A score today.
A direction over time.
A baseline tells you where you are. Refits tell you whether you're moving. Instinct Lab runs structured refit surveys at intervals you control, so you can track real behavioural change instead of reassuring yourself with another training completion rate.
- Pillar-level delta tracking across every refit cycle
- Compare current scores against your frozen baseline
- Spot which behaviours are improving and which are regressing
- Board-ready evidence of programme impact over time
- Methodology version tagged on every score so apples stay apples
Who it's for
Built for people who have to prove the programme worked.
Security leaders
Walk into a board meeting with a dated, defensible behaviour baseline and the delta after intervention. The number is the same instrument applied twice. No editing the goalposts.
L&D teams
Move past attendance numbers and feedback forms. Tie each programme to a measurable shift in actual workforce behaviour. Get back evidence senior stakeholders actually believe.
Consultancies and MSSPs
Embed the measurement layer in your cyber awareness or culture-change practice. We handle the methodology and the portal. You keep the customer relationship.
Start with a baseline
Measure first.
Then decide what to change.
A baseline takes a few weeks and tells you which behaviours are embedded, which are aspirational, and where the alignment gap is widest. We'll show you what your data looks like before you commit to anything else.