This article argues that stabilisation must be the UK’s priority. Drawing together the lessons of history and the critique of the DSIT Cyber Policy 2025, it calls for a practitioner-led ecosystem that ends programme churn, addresses regional imbalance, unlocks university IP, and resists government attempts to build commercial products. The vision is of hubs and networks rooted in delivery and credibility — a cyber base resilient enough to sustain long-term growth. Unless these foundations are secured, the UK will remain trapped in cycles of ambition without durability.