Firefox addons sandboxing

For discussions about security.
8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

#21 Post by 8Geee »

That last paragraph seems very relevant here. Even with paper checks and monthly paper statements, the bank can get hacked, or any store you might go to gets hacked. One's own personal security is minuscule compared to a bank or store that retains things electronically.

Basically, all it takes is a skimmer at a gas station, or a hack at the local store. And I note the "third-party agreements" with data collection/storage at many large entities, banks included.

No one wants to be responsible for what is inherently by design insecure.

JM2% interest
8Geee
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."

rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#22 Post by rufwoof »

"No one wants to be responsible for what is inherently by design insecure."
From a total outsider perspective here in the UK it seems that the policy is to accept the cost of many small losses (to the bank) for the flexibility and service (revenues) that opens up. i.e. skimmed by brushing past with a scanner or petrol station skimming ..etc. for £100 type amounts taken/claimed ... for the 2% type payment/revenue on all spending/usage.

For larger amounts, such as stock brokerage accounts, my personal experience is that anything over £5K and more often transfers don't go automatically through and you have to start phoning around to complete the transfer. Those accounts also tend to be to/from named/fixed accounts, such that even if my stock brokerage account was hacked into, the only place a transfer of funds can be made to is a fixed other account (at least without having to jump through hoops i.e. direct person to person contact and vetting processes to get that changed).

As you say, individuals are a very small part of the whole and are dwarfed by retail/business banking volumes/revenues. From a criminal's perspective it's more likely much more viable to walk up/down say Oxford Street with a scanner and capture 100s of card payment transfers for relatively small amounts being taken from each, which the banks tend to individually overlook, than it would be to hack individual PCs. Paths of least resistance, least footprint left. Or, for the high end 'take', target/hack the main servers and strive to eradicate trace-back ... akin to physically robbing a bank i.e. few/far between, much more of evidence left to be traced/caught in return for potential higher one-off rewards.

Much of PC vulnerabilities tends to be more about news of potential exploits being found ... that a hacker 'could' potentially have exploited. A hacker actually exploiting a PC hack however risks high chance of being traced/caught for little reward prospect. Only worth potentially doing from a criminal's perspective if they can hack many systems at near the same time and secure a financial benefit from each and run/hide/escape thereafter. Which is still pretty dumb from their perspective when there are easier and potentially less easily traced alternatives such as brush-by skimming. Which has promoted more surveillance/monitoring (cameras and trackers everywhere). Yottabyte centres that perhaps capture real time mobile phone cell identifier, facial recognition, payment card usage, number plate recognition ... etc type activity that can be interrogated by a process of elimination to pin down the most likely 'suspect' very quickly.

For the average person that isn't surrounded by security (risk of family members being kidnapped etc.) the risk of actually being hacked is pretty low (and when so, more likely by geekish kids that gain little/nothing financially from doing so) such that even modest online financial activity protection tends to suffice as a barrier/block and where the risk of loss of data (family pictures ...etc.) are at greater risk. Personal data backups ... irreplaceable/invaluable should be the priority backup. System backups much much less so (relatively easily/quickly replaced if the need so arose).
