Is it time to take a 'safety first' approach to cyber-security?