Instinct Lab - Behavioural Security Intelligence

Find out what your people actually do under pressure.

Most organisations measure security awareness. Very few measure security behaviour. Instinct Lab gives you the data your board needs: how your people recognise risk, make decisions, and respond when it matters.

Mapped to: DORA · NIST · ISO · CAF · CE+
Sources: Staff · Executive · Observed
Live Baseline

Security Instinct Index: 67 (Embedded)

Composite behavioural position across all pillars and data sources

  • Engagement: 62 (Developing)
  • Culture: 71 (Embedded)
  • Awareness: 73 (Embedded)
  • Instinct: 58 (Developing)

Leadership Alignment

  • Culture gap: 18
  • Instinct gap: 30

The Problem

Awareness scores look great. Breaches keep happening.

Training completion rates tell you who showed up. They don't tell you who'd make the right call at 4pm on a Friday with a deadline breathing down their neck.

Knowledge doesn't survive pressure

People know the policy. They've passed the quiz. But when speed, authority, or ambiguity shows up, knowledge alone isn't enough. Behaviour under pressure is a different thing entirely.

Leadership sees a different picture

Executives often rate security culture 15-25 points higher than staff experience. That gap is invisible until you measure both sides, and it's where risk builds.

Compliance ≠ behaviour

Regulators are moving beyond "did you train them?" toward "can you evidence how they behave?" DORA, NIST, and ISO all expect behavioural proof. Completion certificates aren't it.

How It Works

Three perspectives. One honest picture.

Instinct Lab triangulates data from leadership perception, staff experience, and observed behaviour to build a complete, evidence-backed view of your security culture.

1. Executive Baseline

Structured survey capturing leadership's perception of security behaviours across the organisation. How they think the culture operates: the governance view.

Perception data

2. Staff Baseline

Scenario-based survey measuring real decision-making, reporting instincts, and psychological safety. What people would actually do, not what they know they should.

Behavioural data

3. Observed Behaviour

Real-world evidence from simulations, exercises, and operational data. How people behave when the pressure is real and nobody's watching.

Evidence data

SII: Security Instinct Index

Your organisation's behavioural narrative. A composite score across Engagement, Culture, Awareness, and Instinct. It shows where your security culture actually sits, not where you think it does.

Engagement 20% · Culture 25% · Awareness 25% · Instinct 30%

SBI: Secure Behaviour Index

The evidence layer. Maps directly to six measurable behaviour domains, each one tied to specific regulatory requirements. This is what you show the auditor.

Risk Recognition · Secure Decision Making · Reporting Behaviour · Psychological Safety · Privilege Discipline · Resilience Participation

Continuous Intelligence

A score today.
A direction over time.

A baseline tells you where you are. Refits tell you whether you're moving. Instinct Lab runs structured refit surveys at intervals you control, so you can track real behavioural change, not just reassure yourself with another training completion rate.

  • Pillar-level delta tracking across every refit cycle
  • Compare current scores against your frozen baseline
  • Spot which behaviours are improving and which are regressing
  • Board-ready evidence of programme impact over time
Instinct Lab SII Dashboard showing Security Instinct Index with pillar cards

Four Pillars

What actually drives secure behaviour?

Every data point maps to one of four behavioural pillars. Together, they show you where your people are strong, where the habits break down, and what to do about it.

Engagement

20% of SII

Do people care enough to pay attention? Curiosity, participation, and emotional investment in security. Not just showing up.

Culture

25% of SII

How security shows up between the training sessions. Shared expectations, psychological safety, and whether people actually speak up.

Awareness

25% of SII

Can people recognise risk in real time? Pattern recognition, clarity, and confidence when something feels off.

Instinct

30% of SII

The speed and quality of behaviour under pressure. Risk recognition, decision-making, and reporting without hesitation.

Instinct Lab Interventions page showing Q1 Security Culture Programme

From Data to Action

Scores tell you what to fix.
Interventions fix it.

Instinct Lab connects your behavioural data directly to structured improvement programmes. Every intervention is tied to specific pillars, teams, and sessions, so you're not running generic training. You're targeting the exact gaps your data identified.

Interventions include sessions facilitated by The Cyber Escape Room Co., such as escape rooms and vishing campaigns, as well as self-run programmes. All are tracked in one place, with session-level observation scoring feeding back into your SII.

  • Log escape rooms, phishing campaigns, workshops and more
  • Track sessions, teams, dates and pillar targets in one view
  • Observation scores from each session feed directly into your dashboard
  • Run a refit when the programme closes to measure the impact

Behaviour Domains

Six behaviours. Every one mapped to regulation.

These aren't abstract categories. They're the specific behaviours that regulators expect, and that Instinct Lab measures with evidence, not self-assessment.

Risk Recognition

Can your people spot a threat, an anomaly, or a weakness before it becomes an incident?

NIST · DORA · ISO · CAF · CE+

Secure Decision Making

When pressure hits and there's ambiguity, do they choose the secure option or take the shortcut?

NIST · DORA · ISO · CAF · CE+ · NIS2

Reporting Behaviour

Do they escalate quickly and correctly? Or does shame, fear, or confusion slow everything down?

DORA · NIST · ISO · CAF

Psychological Safety

Do people feel safe enough to report mistakes, raise concerns, and ask questions without fear?

NIST · DORA · ISO · CAF

Privilege Discipline

Do users respect least privilege? Do managers challenge unnecessary access? Are admin actions taken seriously?

CE+ · CAF · ISO · NIST

Resilience Participation

Do teams engage in exercises? Do they take simulations seriously? Do they retain learning post-incident?

DORA · NIST · CAF · ISO

Observed Behaviour

What happens in the room matters most.

Survey data tells you what people think they'd do. Observation scoring captures what they actually do: in a live escape room, a vishing simulation, or any facilitated session where the pressure is real.

Facilitators score 16 behavioural signals across all four pillars in real time. That data feeds directly into your SII and carries the heaviest weighting of all three sources.

  • 16 signals across Engagement, Culture, Awareness and Instinct
  • Dot-based scoring with behavioural anchors, not opinion
  • Feeds directly into pillar scores on your live dashboard
  • Counts for 40% of SII and 50% of the Instinct pillar
Instinct Lab observation scorecard with 16 signals across 4 pillars

Leadership Alignment

The gap your board can't see.

In most organisations, leadership rates security culture significantly higher than staff experience shows. Instinct Lab makes that gap visible and quantifies the risk it creates.

This isn't about who's right. It's about how far apart the two perspectives are. Because that distance is where incidents live.

  • 0-5 Aligned: Healthy variance. Normal.
  • 6-14 Moderate Gap: Some perceptual tension. Worth investigating.
  • 15-24 Significant Gap: Leadership and staff experiencing security differently.
  • 25+ Critical Misalignment: Strategic blind spot. High behavioural risk.

Alignment Gap: Sample Data (Executive Perception vs Staff Experience)

  • Engagement: 12
  • Culture: 24
  • Awareness: 4
  • Instinct: 34
Instinct Lab perception gap showing overall gap of 17 with leadership alignment track

Behavioural Insights

Numbers that explain themselves.

Every time your data updates, Instinct Lab generates a written interpretation for your CISO. Not a score summary. An actual reading of what the data means, where the risk is, and what to do about it.

Written in plain language. Grounded in behaviour. Structured for board conversations.

  • Triggered automatically when baseline data is confirmed
  • Covers behavioural position, exposure drivers and perception gaps
  • Plain language, not consultancy prose, not compliance-speak
  • Regenerates after every refit so your narrative stays current

Regulatory Alignment

Every behaviour mapped. Every framework covered.

Instinct Lab doesn't bolt regulation on as an afterthought. Every question, every behaviour domain, and every score maps directly to the frameworks your board cares about.

  • DORA: Digital Operational Resilience Act
  • NIST CSF 2.0: Cybersecurity Framework
  • ISO 27001: Information Security Management
  • NCSC CAF: Cyber Assessment Framework
  • CE+: Cyber Essentials Plus
  • NIS2: Network & Information Security

Every behaviour domain carries equal weight within each framework. No regulatory inflation. No special treatment. Just clean, defensible mapping you can present with confidence.

Scoring Model

Clear bands. No ambiguity.

Every score maps to a maturity band that means something specific, both for internal conversations and regulatory evidence.

  • 0-44 Reactive: Behavioural posture likely insufficient for regulatory expectations
  • 45-64 Developing: Some controls reflected in behaviour, gaps remain
  • 65-84 Embedded: Behaviour broadly supports regulatory obligations
  • 85+ Instinctive: Behaviour consistently reinforces regulatory intent

See where your organisation actually stands.

Request a demo of Instinct Lab. We'll walk you through the methodology, show you the dashboard, and explain exactly what it would look like for your organisation.
