It's probably harder to hack into a financial instuation web server/network than to simply bring it to its knees via DoS attack. This MSNBC.com article http://www.msnbc.msn.com/id/6436834/ reports of several instances where bots are used to implement DoS attacks.
So here's an interesting question. Let's say you run a financial services site. You get an email say "pay us or we'll bring your site down". You don't pay, and your site experiences a massive DoS attack for a week. You lose a million bucks in business. Would you think it reasonable to sue the owners of the clients systems that are unwittingly particpating in this attack for not keeping their systems secured? I think that day is coming.