what happens when security training Actually lands
Word spread so quickly we ended up with a waiting list. 97% positive feedback. 94% said they'd do it again. Makes key cyber behaviours stick.
— CISO, The Telegraph
what happens when security training Actually lands
Word spread so quickly we ended up with a waiting list. 97% positive feedback. 94% said they'd do it again. Makes key cyber behaviours stick.
— CISO, The Telegraph
86%
Reduction in phishing susceptibility over 12 months with immersive training.
KnowBe4 Phishing Benchmarking Report (2025) · 14.5M users
96%
Of employees who took risky actions already knew they were risky.
Proofpoint State of the Phish (2024) · n=7,500 across 15 countries
1.7%
Average difference between trained & untrained groups after annual compliance training.
Ho et al. (2025) UC San Diego / University of Chicago · n=19,500
Your people aren't careless. They're just unprepared.
96% of employees who took a risky security action knew it was risky as the time. This is not an awareness failure. It's a behaviour failure. Those are different problems that need different solutions.
A randomised study of 19,500 employees found no measurable difference between groups who completed mandatory annual training and those who hadn't. The gap? 1.7%.
The brain doesn't learn through slides. It learns through experience, emotion, and consequence. Always has.
The cost of
getting it wrong
£4.4M
Global average cost of a breach in 2025
60%
Of breaches involve the human element
38%
Breach cost reduction with immersive training
61%
Fail basic security quiz after completing training
10%
Of training spend that actually transfers to behaviour change
Choose Your Adventure
What People Say
The most impactful messaging we've been able to deliver - a level of impact and understanding we haven't previously achieved.
Marie Jeffery, BISO ⋅ Peabody
It has been critically useful to focus people's attention on the threats, and what they can do to reduce risk.
CISO ⋅ Ministry of Defence
It brought to life how good security hygiene is so important and made everyone think about how they can put this into action daily.
Rebekah Hobday, Infosec Assurance Manager ⋅ LV=
It's not just training. It's an experience that genuinely changes behaviour.
Sally Bolton, Cyber Human Risk Manager ⋅ Scottish Power Energy Networks
We've done the reading so you don't have to.
The research, the framework, the book. Everything that explains why we do it this way. And why most programmes don't work.
The Behaviour Cycle
Human risk isn't a people problem. It's a design problem. The Behaviour Cycle is the three-lever system - Engagement, Culture, Instinct - that explains why most security programmes fail at the same stage, and how to fix it.
The Data Behind The Discourse
Four papers. Neuroscience, memory science, breach economics, and the data on why annual compliance training has no measurable effect. Cited, sourced, and written for people who actually want to understand the problem.
May I Have Your Attention, Please?
The ultimate guide to engagement in immersive learning. Written by Amy Stokes-Waters, founder of The Cyber Escape Room Co. Covers memory, pressure, decision-making, and why most training is designed for dashboards rather than brains.