Instinct Lab: Prove Behaviour Changed | The Cyber Escape Room Co.
Instinct Lab
INSTINCT
Behavioural security intelligence

Completion is
not proof.
Behaviour is.

A finished module tells you who turned up. It tells you nothing about who would actually pause before clicking, question the call, or report the thing that felt off. Instinct Lab measures the decisions your people make, turns them into one number, and shows you whether it moved.

Scroll
The Behaviour Formula
EEngagement AAwareness × CCulture = IInstinct

Engagement leads to awareness. Culture multiplies it. The result is instinct, the only thing that holds up when a real attacker calls. That output is your SII.

Measuring the
wrong thing.

The whole industry counts completions. Modules finished, certificates issued, boxes ticked. None of it answers the only question that matters: would your people actually behave differently under pressure?

Instinct Lab is built around behaviour, not attendance. It reads the decisions people make, in surveys and inside live rehearsals, and resolves them into a single measured estimate of security instinct across your organisation.

One number you can take to the board. The detail underneath it when they ask how you got there. And the same number, measured again later, to prove the rehearsal worked.

How the number is built

Three inputs.
One output.

Instinct is not a thing you train directly. It is what you get when three conditions line up. Get one wrong and the whole result drops, which is exactly how real risk behaves.

E
Engagement
Input term
Are your people actually paying attention, or clicking through to get back to work? Nothing else happens without this. It is where every rehearsal starts.
A
Awareness
Input term
Do they recognise the threat when it is in front of them? Engagement earns awareness. You cannot spot what you were never present enough to learn.
C
Culture
The multiplier
Will the organisation around them back the right call? Culture does not add, it multiplies. A failing culture drags everything else down with it, so it dominates the diagnosis.
I
Instinct
The output · your SII
This is the result, not a fourth input. The Security Instinct Index: your organisation's measured reflex when it counts. The number the whole platform exists to move.
Two indices, one gap

What they think.
What they do.

Your people think they'd nail it. The evidence says: not yet. The distance between those two is the most useful thing we measure.
SII
The perception measure
How secure your people believe they are. Confidence, self-belief, the story the organisation tells itself. Carried at full weight, because what people think they'll do shapes what they actually do.
SBI
The behaviour measure
What the evidence of their behaviour actually shows. Discounted on purpose, because self-assessment flatters. When SII runs far ahead of SBI, you have confidence with nothing underneath it, and that is where incidents come from.
The alignment gap

The board and
the floor disagree.

15–25pts
how much higher leadership rates the security culture than the people who actually live in it

Ask the leadership team how secure the culture is. Then ask the people who live in it every day. The two answers rarely match, and the boardroom is almost always the optimistic one.

Instinct Lab measures both, staff and executives, and puts the distance between them on a single screen. That gap is not a rounding error. It is the difference between the risk you think you're carrying and the risk you actually are.

It's also the most useful slide in the room. Close the gap and everything downstream gets easier: people report sooner, speak up faster, and trust that the right call will be backed.

The proof loop

Measure. Rehearse.
Measure again.

Anyone can show you a score. We show you a score that moved, and prove the rehearsal is what moved it. This is the mechanism the whole company is built on.

01
Baseline
Before you start
A calibrated staff and exec survey sets your starting position. Where instinct is strong, where it is exposed, and how far apart the boardroom and the floor really are.
02
Rehearse
The experience
Your people run a real experience. An escape room, a SHIFT mission, a live vishing call. They make decisions under pressure, and those decisions become evidence.
03
Refit
14 to 28 days later
We measure again, inside the attribution window, against locked questions for a fair comparison. The change is real, it is dated, and it is attributable to the rehearsal.

Say it. Do it.
See it proven.

One source never tells the truth on its own. Instinct Lab reads three kinds of evidence and layers them into a single score: what your people say, what they actually do, and what we observe around them.

The survey says your people would report a suspicious call. A CTRL+VISH call proves whether they actually do. And observed behaviour, captured around a live engagement, settles it. When all three line up at the same level, you are not guessing any more.

Every experience sharpens your formula, rolling out across 2026. We show you what is live and tell you straight what is coming. We never invent a number.

What they say
Staff & exec surveys. Deep, calibrated self-report and perception. They set the baseline and re-anchor the score at every refit.
What they do
The experiences. Real decisions under pressure from every rehearsal, SHIFT, CTRL+VISH, the escape rooms, dripping in continuously between surveys.
What we observe
Observational data. Concrete behaviour seen around live engagements, layered on top. The highest-credibility evidence there is, corroborating the rest.
What we actually measure

Five secure behaviours.

The score is not abstract. Underneath it sit five behaviours that decide whether a real incident gets caught or gets through.

01
Risk recognition
02
Secure decision making
03
Reporting
04
Authentication & credentials
05
Psychological safety
Evidence for the board

Aligned to the
frameworks that matter.

Each of the five behaviours maps to the controls behind the frameworks your auditors and regulators already speak. So a behavioural score becomes language a board understands.

ISO/IEC 27001:2022 NIST CSF 2.0 Cyber Essentials DORA NIS2 NCSC CAF

The Rehearsal Log records everything you run, with participation, scores and dates, exportable as a board-pack PDF. Behavioural evidence, generated from what your people actually did.

Instinct Lab indicates behavioural alignment with the referenced frameworks at a control level, reviewed against current published versions. It is not a compliance assessment, audit, or certification, and it does not guarantee any regulatory outcome.

See your starting line

Get your
baseline.

Start with a baseline of where your people's instinct sits today. Then rehearse, and watch the number move. We will walk you through the whole loop.