When I started coding nearly 40 years ago, other than basic passwords on Unix, security was an afterthought. Regrettably that history carried forward well past the year 2000 and even until today, with negligence far from uncommon.
One core issue is simply not raising risks that need not exist; see my commentary at petapixel.com in “Sony’s Camera Firmware Updater is a Major Security Risk, Expert Warns”. In that case, Sony’s updater requires kernel-level access. Rather than doing firmware updates of cameras the right way (all in-camera), Sony chooses instead to create a kernel extension, so that the most critical of security protections is bypassed. Thus millions of users take on the risk of compromised computers should Sony’s code ever be compromised (remember, a kernel extension can be signed after it has been compromised!). Perhaps Sony cameras cannot update firmware in-camera (Nikon and Canon and Fujifilm can); if so that is a major design flaw IMO.
Another major issue is the many millions of devices that have either poor security or no security. It’s no laughing matter that a dam might be remotely controlled to open all floodgates and kill thousands. Or a power plant or chemical plant made to self-destruct in various ways, and so on.
Water could do damage in other places too; see “Hackers can take over Car Wash, trap you and smash your vehicle”. For numerous other examples, see IoT Hall-of-Shame.
Who is at fault? Many, many companies for whom security was just a nuisance and an extra cost, so why bother. That age is seemingly over, we can hope.
It is an invariant fact that security flaws always exist and always will. Remember that when buying anything electronic.
What you can do
First of all, be careful with sex toys as some of them can be hacked:
The database pertaining to all customers’ data was accessible via internet in such a way that explicit images, chat logs, sexual orientation, email addresses and passwords in clear text were compromised.
I used this example for a reason: remote control of anything is in many cases IMO a very bad idea because most of the time it adds little or no value, and yet it opens one more vector into your home or business network.
Anything in your home or business that can get to the internet in any way should be replaced if its security cannot be ensured (and in some cases, even without the internet). Because if it can get to the internet, it is probably through your home or business WiFi or similar, thus it becomes an unlocked door into the building.
Don’t even get me started on internet-connected cars, a feature I’d pay to remove. Sometime in the future (especially with self-driving cars), it is very likely that people will be killed (murdered) by cars getting hacked. From across the world.
Maybe someone out there really does need milk and TV-dinners and pickles delivered when the TV finds too few remaining, but internet-connected refrigerators seemed an idiotic idea to me years ago, and still do. They solve no real problem, add cost and things to break and debug and update and patch (do you really want to update your refrigerator like Apple’s iOS nuisance?).