Re: problem is not IoT, it's no "home (as in private) networks".
"All my home devices are on a closed network and would have to, at least, go out through a proxy,"
until they open ports on the firewall using uPNP
IoT devices are being used quite successfully as DDOS vectors because home networks _don't_ firewall output traffic. If you're fingered as part of a DDoS botnet and you haven't secured your devices, what will your insurer do with your public liability insurance (hint: wilful negligence clauses)
And there's the issue that if something gets cracked on your network and commands the (unsecured) toaster to fire up, how long will it take before your house burns down - and will the insurance company payout on that?