Right now, businesses with no expertise in software can make poorly designed IoTs because there is no cost associated with it.
Forbidding such things will be like whac-a-mole, but forcing businesses to provide security update support for 5 or 10 years if their product offers internet, wifi, or cellular data connections would make some businesses balk.
As with all things, these costs are off-loaded to the consumer and it leads to some serious problems when scaled.
From the business side, having a quantifiable cost for security would also extinguish some bad ideas, perhaps by the bean counters.