Security on IoT devices is usually dismissed, generating vulnerabilities that can be exploited very easily by cyber criminals. Meanwhile OWASP methodology could be used partially, every IoT device is completely different from the other one and have its own ecosystem.
There is a great lack of awareness of manufacturers about the vulnerabilities that may exist in an IoT ecosystem and the complexity of the security level that this ecosystem supposes. Another reasons could be the scarsity of cyber security experts in this type of devices.
One of the great challenges of the IoT security is the number of endpoints connected in a network. Each endpoint may offer a point of entry to cyber criminals, when the attack surface expands to all the connected devices the rist for the organizaction could be significant.