Imo, big regulations ain't going to help with people not securing their devices. It might help with better security defaults and punishing companies for bad security, but I've seen "well-intentioned" regulations backfire too often, so I am skeptical.

IoT is a factor, but this was a problem even before IoT became a thing, I think.

There is no easy way out of this, people will need to learn some digital hygiene.

I am probably biased.