It is generally accepted that IoT devices are inherently insecure and that manufacturers have a long way to go to reassure security practitioners that the benefits outweigh the risks. Amongst the known cyber risks, denial of service (DDOS) could become a major risk, and security researchers have already shown how this could occur. If an insurance company is now offering a financial incentive to install an IoT alarm, are they also implicitly underwriting the potential cyber risks of using the device?