Evidence for your first 90 days as the AI-accountable executive.
Inside the first 90 days you owe three audiences evidence: a board update, an internal audit conversation, and a regulator-ready record. The £1,500 Risk Assessment produces that evidence from your own organisation, in two weeks, fixed scope.
Behind it sits the measured method: 847 organisations, 650,000+ employees, 73% retention on the same parallel-form measurement as the pre-training baseline. That is the behaviour-change training layer, documented to a standard that survives audit scrutiny. The drawer below holds every claim and how it was measured.
The drawer
Seven cards. Every claim sourced. Every methodology decision documented.
Click any card to expand. The first six document how the method is measured and why the numbers survive scrutiny. The seventh is how you get evidence to the same standard, built from your own organisation.
Cohort mean from the IntelXview research base, measured at 30 days using the same parallel-form question bank as the pre-training baseline.
The headline figure is not a vendor self-report. It is a 30-day cohort mean across the IntelXview research base, scored against a parallel-form pre/post assessment so that learners cannot game the post-test by remembering the pre-test. Per-programme retention ranges from 61% to 89% depending on incident type and audience. The per-programme range and confidence interval are available on request.
The ~12% reference baseline is treated as an order-of-magnitude anchor for annual scheduled awareness training, drawn from the broader literature on the Ebbinghaus forgetting curve and from public reporting on annual training outcomes. We do not claim every vendor sees 12%. It is a reference point, not a single-source benchmark.
Source: IntelXview cohort measurements. Reference points: Murre & Dros (PLoS ONE, 2015); Proofpoint State of the Phish (2024); SANS Security Awareness Reports (2022–2024).
The live evidence register
The technical dependency register behind our FCA/PRA proof pack is public: provider proofs, scenario coverage, audit-log evidence and operational-resilience mapping, each with its current state and residual action. It rebuilds from every verification run, with a signed manifest retained for 365 days.
View the live register →Why Month One
Three audiences. One evidence base. Inside the first 90 days.
Board update
A new CAIO is expected to give their first board update inside 90 days. The pack provides the cohort-level evidence; the Risk Assessment provides the in-organisation evidence.
Internal audit
Internal audit wants the same evidence in a different format: methodology, deviation handling, deidentified case data under NDA. The drawer is the starting point for that conversation.
Regulator / insurer
Framework-specific mapping (FCA Consumer Duty, NIS2, NIST AI RMF, ISO 42001) provided on request as part of the £1,500 Risk Assessment.
Walk into your next board meeting with evidence.
The £1,500 AI Data Leakage Risk Assessment produces the same calibre of evidence as this drawer, measured in your own organisation, in two weeks, fixed price.