> Supposedly, there was a court ruling that held a bank liable for a customer’s losses due to lack of security precautions.

You already wrote as much in the article, but (AFAIK) the reality is even worse: there were court rulings that exonerated banks, as long as they followed the standard "security practices." Some hacker from China could access the bank's website from a suspicious IP, drain all the money from a poor guy's account, but the bank has zero obligation to do anything as long as it mandated that all users install half a dozen security plugins all the time.