I have to agree with Steven. A significant portion of my family is involved in banking IT - also one of my cranky online peers. Everything Steven outlines is SOP and has been for a spell.
The article y'all spun from is one I looked at a few days back and considered for any of the blogs I'm involved with - and rejected it because it's hopelessly out of date. As the author of the study noted. There really isn't a commercial sector more likely to be on top of their own security - than banking.
Ancillary performers? Different story. But, for example, send your best hacker to try to break into someone like HSBC. I'll bet you a dollar they don't make it in. And that's 4 times more than I usually bet on anything.