Answer:
Banks are historically better prepared against attacks that your retail competitors, however, you are also required to comply with HIPAA (health information), PCI DSS (credit & debit card), TR39\TG3 (ATM) and others. Unfortunately, over 60% of companies, banks included, are unsure of where this information is found on their own networks.