This article, written in reaction to the DSIT Cyber Policy 2025, traces the uneven history of the UK’s cyber economy. From CESG’s secretive assurance role to NCSC’s public authority and DSIT’s contested remit, the story is one of incremental gains but persistent churn. Programmes such as Cyber Essentials, CyberFirst, CyberASAP, Cyber Runway, and Cyber Resilience Centres have delivered value but lacked continuity, scale, and coherence. Unless the government commits to stabilisation and long-term delivery, the UK will continue to recycle initiatives rather than build a durable cyber base.