A recent US report (2020) from the Solarium Commission highlights a number of federal issues for cyber security in the US. Should government take the lead in cyber security risk modelling and certification? Cyber attacks have resulted in significant losses of IP, data theft and the consequential financial damages associated with ransomware, as one threat vector. It recommended calling for congress to fund a research and development centre for cyber insurance? As observation was made about the ability of the insurance industry to price cyber security products appropriately and for certification standards for the insurance?