NSA's Information Assurance Division (not the spooks) works hard to help and to convince Big Corp to clean up their act. They recognize that financial IT security is fundamental to national security. Also, the FBI has a group that works to help companies improve security. So you might reach out to one of them.
The fundamental problem is typified by Home Depot's management - as a Redditor noted, when IT asked for budget to implement essential security, their upper management said, "We sell nails and hammers. We don't need that." Now it may well cost them $1 billion.
Here are a couple of rules of thumb you can tell your management. These are straight from web security and biometrics people I work with. A website breach (e.g. Target, eBay, Home Depot, JPM) costs the company an average of $178 per customer (not website user - _customer_). That is a number that should invoke heart palpitations in the CFO - multiplied by the number of customers, it's probably more than the value of the company.
In the healthcare industry, a single lost or misplaced laptop will cost a minimum of $2.5 million in fines (HIPAA violations), liability, paying for patients to get identity theft insurance, etc. - even if no data is actually compromised and the laptop is recovered! If data actually makes it into the black hat world, the price goes up by multiples.