I don't see why it would be different for personal digital security than in the physical world.
Nowadays a house is no more protected against break-ins than a hundred years ago.
Usually people install an alarm system after the first break-in (ask me how I know ;-) and hope it will be enough. It usually is.
I think some companies will sell a kind of home firewall that will protect your vulnerable IOT things. It will be vulnerable too but like a physical alarm system raise the bar for the would be attacker.
The infosec guys all seem to think like soldiers at war and believe that if a breach happen, game over you lost forever.
For normal people, a digital security breach like with a break-in sucks, it costs money but life goes on, you just adapt your security to the most common threat and according to your budget while knowing that a sufficiently determined attacker will ALWAYS gets his way.
Generally, if you get robbed (in the UK at least) then people are looking for high-value, easily-fenced items that they can sell off, and that's it. I live in a borderline rough area of a decent town, and have been burgled - my neighbours more than once, so alas speak from experience and from what the Police have told me. They don't tend to go upstairs and nick your diary or your list of passwords, etc.
Being robbed in the virtual world can be much worse - while there may be no physical loss in many cases, having your identity truly stolen and the losses you get from it can devastate your life for years to come - spending a lot of time dealing with issues which the robbers created, such as poor credit, etc. And these attacks can come from anywhere in the world. You need to be physically present to be a burglar. To ream someone via an IoT security flaw, you can be anywhere. And given some of the "how did they miss that" security flaws in many such devices, it's leaving people wide open to all sorts of new attacks.
Plus there's also the parallel of people defecating in the houses they've robbed - it's a piece of cake to delete someone's photos, videos and backups, leaving them completely bereft of something that has no monetary value, but which has an immense sentimental one.
If you're murdered you at least have an estate. Identity theft can, in some ways, be worse than that. You may end up having to fight to have a single cent to your name.
The automatability of attacks makes it qualitatively different, though. Home IoT, yes, you 'just' turn it off and carry on (although I can see circumstances where elderly and vulnerable people could die relying on a malfunctioning monitor or heating system). Commercial IoT and especially SCADA is potentially a bigger disaster.
Nowadays a house is no more protected against break-ins than a hundred years ago.
Usually people install an alarm system after the first break-in (ask me how I know ;-) and hope it will be enough. It usually is.
I think some companies will sell a kind of home firewall that will protect your vulnerable IOT things. It will be vulnerable too but like a physical alarm system raise the bar for the would be attacker.
The infosec guys all seem to think like soldiers at war and believe that if a breach happen, game over you lost forever.
For normal people, a digital security breach like with a break-in sucks, it costs money but life goes on, you just adapt your security to the most common threat and according to your budget while knowing that a sufficiently determined attacker will ALWAYS gets his way.
I still hate those IOT things though ;-)