It's probably harder to hack into a financial instuation web server/network than to simply bring it to its knees via DoS attack. This article reports of several instances where bots are used to implement DoS attacks.

So here's an interesting question. Let's say you run a financial services site. You get an email say "pay us or we'll bring your site down". You don't pay, and your site experiences a massive DoS attack for a week. You lose a million bucks in business. Would you think it reasonable to sue the owners of the clients systems that are unwittingly particpating in this attack for not keeping their systems secured? I think that day is coming.

-brett hill