There is actually a deeper issue than corporate security competence.
Imagine that a bunch of soldiers stormed the front door to their datacenter with APCs, tanks, and artillery support. They then removed hard drives and proceeded across the border to some other country. Would you consider this a bank security problem?
Banks don't have this problem because the government provides physical security against these kinds of threats. Sure, the bank is expected to lock the doors and have some guards, but they aren't expected to stop an attack of arbitrary determination.
With the internet we benefit from the free exchange of data across national borders. However, at the same time this means that computer security can be subjected to attacks of arbitrary sophistication, and national governments have generally not intervened.
Now, I'm sure more could be done to secure the average corporate network, the reality is that state actors are free to develop more and more sophisticated attacks free of interference. If I wanted to hack into some foreign bank I probably would have the FBI kicking down my doors before I got too far with it. The same is not true of an NSA agent doing the same thing.
I think the only real solution to this sort of problem involves border control. Establish agreements with nations to cooperate on prosecuting computer crime, and heavily firewall communications or block them entirely at the borders. Parties to the agreement would agree to not accept traffic from countries that aren't parties to the agreement. The downside to such a policy is obvious - far less freedom of communication, and that will probably support dictatorships and such abroad since we'll effectively be providing the firewalls for them.
Either that, or we just accept that data stored on networked computers is going to be insecure. There is no reason to think that security is a game where the defenders can ever win - that certainly hasn't been our experience in physical security.