Thanks for sharing this. You mention banking - protecting money seems like a much higher incentive for blue team than, say, the security of a forum or online game server.
Unfortunately not at the FIs I have worked for. Their approach seems to be "give the illusion of security while covering any actual losses with insurance".
I think there needs to be greater punishment for companies that lose customer information. Only then will the incentives be large enough for something to be done.
It's hard to put a price on goodwill and customer trust. Every C-level should realize that their company is an information company and take appropriate action.