International standards?
Seems to me the ITU, IEC and ISO should be falling over themselves to mandate basic standards for (I)OT security design.
Without that, the industry will save money by ignoring the problem. The ancient principle of caveat emptor (let the buyer beware) applies, right alongside the well-known "there's one born every minute", especially among technology consumers.