The lack of a business case..

In March 2019 the UK’s House of Commons Committee of Public Accounts reviewed The Cabinet Office’s National Cyber Security Strategy (2016 - 2021). The conclusions and recommendations of the review are available here:

Perhaps the sharpest Committee conclusion is “The Department cannot justify how its approach to cyber security is delivering value for money.” At face value this seems a damning performance indictment.