I think this is way too simplistic. I’m not arguing that you’re wrong about lots of people not caring, you’re not wrong at all, but you’re also missing something huge here:
Technology may be ubiquitous, but understanding of it is not. I’ve talked with many people who *do* care, especially those who have been hacked or had their identity stolen because of a hack, but they honestly don’t know what to do about it.
Picking a secure product over an insecure product isn’t always possible. Most people simply aren’t equipped to do hands-on security testing of products and services, and many times all people have to go on is marketing hype crapped out by the company that makes the insecure product.
Initiatives like creating a sort of cyber nutrition label, if implemented correctly (might be impossible, but worth trying) could help. Holding IoT manufacturers accountable if their shitty insecure products are easily turned into a botnet that causes damage would be nice as well.
I guess my point is: some people do care, there just isn’t a proper feedback loop set up between them and their government or them and the manufacturers.