So can it be hacked? Sure.
I just acquired a new alarm/home automation system and have chosen Alarm.com as my cloud based monitoring company. Alarm.com uses a dual communicator path to communicate to/from the alarm system. Primary path is internet access. Secondary path is cellular 4G LTE. So, if one path fails the other kicks in. Alarm.com uses 128 bit AES encryption to encrypt all communication to/from the alarm system. This includes the alarm info such as security and fire info but also all the home automation info.
I checked the AES Wiki https://en.wikipedia.org/wiki/Advanced_Encryption_Standard and the 128 AES bit encryption has not yet been broken.
IMHO, other cloud based monitoring systems would use similar methods.