Are local/regional banks more likely to have better security practices? I'd think they have worse ones, especially since they don't have the money for cybersecurity consultants which are usually fixed cost.