This answer is specific to the USA & Canada - I have no experience elsewhere.

Should ICOs be considered a Security? - Great question.

We're wrestling with this right now with our new exchange startup in Canada.  (The laws here are very similar to the USA.)

There is a lot of confusion about what is a currently a security, what is/was a security offering, etc.

I am not a lawyer - But I do have a settlement with the SEC for offering securities on my Bitcoin and Litecoin sites back in 2013.  The most simple explanation for a security offering I think would be whether or not you are making a payment (via money, time, or services) to the creator of the asset in exchange for coins/tokens/etc, and whether or not you are expecting to make a profit as the result of their work.  If both of the above are true, the ICO is almost certainly a security offering.

Another red flag is if the offering is for a product that does not yet exist, though that aspect is not all that clear to me and I'm still figuring it out.

After the Initial (Coin) Offering - is the Asset a Security?

This one is harder - but if you go back to the initial offering above as a starting point - If the initial offering was a security offering then that's a pretty good indicator that the asset itself is a security.

I say it's a good indicator because some assets that started as a security later ceased to be a security because the asset was no longer dependent on the work of a central party, or because people buying it were no longer buying it with the expectation of making a profit.  Ethereum is a great example.  When they launched it was a security.  But over time enough developers came in that even if the founders disappeared, the network would run on it's own.  Also - while some people buy ETH as an investment, many people genuinely buy it for utility or for commerce without expectation of profit from price speculation.

Hope that helps!