Existing Grant Funding: Existing grant funding should be evaluated as an alternative to new funds. Congress could also evaluate including minimum cybersecurity protection standards in grant proposals for grantees dealing with issues such as national security, law enforcement, and critical infrastructures as a condition for receiving government funds. These would include general protection standards such as updating computer patches or running anti-virus software that would not be overly burdensome to grant recipients. Insurance: Congress should study whether the insurance industry can help play a role in increasing the level of cybersecurity of firms that purchase.