Recently, some folks involved in the NIST Cyber Security Framework process have suggested that the challenge is analogous to "safety" and thus a similar compilation of "best practices" is what we need. The thinking goes like this: If we just compile the "best practices" and then give everyone incentives to implement them, all will be good (or at least much better). Taking the health/safety analogy further, they say that we need to promote "cyber hygiene".
But cyber security is not like safety. It would be a grave mistake to treat the two as the same or even similar.