Banks have a much, MUCH larger attack surface than an iPhone. And a whole lot more of the weakest point in any system: the humans who need to access it. There’s an old adage in cybersecurity: What’s the easiest way to get an employee’s password? You ask them for it. You’d be shocked how many hacks are pulled that way. Kevin Mitnick got famous doing just that. With any large organization you’re pretty much guaranteed to have someone gullible enough to just give you their password, especially if you create an employee ID for some bogus IT support company.