IoT devices are just computers so all the threats that we’re used to from the computer world get transferred into any IoT device. In addition, they tend to be low cost, not well designed, built offshore, so they have more vulnerabilities. They tend to be deeply embedded in networks and organizations so they have a lot of access. They often control physical processes.
They turn on and off the power, they drive your car, they’re medical devices, which means the effects of a hack can be much more dangerous.