[otakucode]

I would sooner expect a bank to accidentally share their private key on social media. Banks aren't bad at security by accident. They don't have good, solid security people working for them being held back by management (as some industries do). Banks take the long view on most things and are ill-prepared for dealing with something like security, where the situation changes moment by moment. They are also extremely loathe (more than most industries I would say) to spend a penny on anything which they can not predict a tangible return on investment.

Hmm.. with the large number of security firms popping up every day, has anyone actually done some studies and statistical analysis so that it can be said "If you save $200,000 this year by not hiring a competent security professional, there is a 30% chance your bank will lose more than $10 million in either direct intrusion or public scandal"? That is the sort of thing a banker needs to hear before he can determine whether it is actually WORTH being safe. And even then... hiring competent security people is really hard. How is a normal HR person supposed to be able to judge whether an applicant is competent?