I see security as a scale. At one end of the scale, you have ultimate 100% security with zero usability. For example, I will just completely unplug. Now I'm secure --- secure because I can't actually use it. At the other end of the scale, you have ultimate usability and freedom but no security. So it then becomes up to the user to decide where they want to be on that scale and implement measures accordingly.
For example, about once a month I have a short IT segment at staff meetings to cover the basics. A couple months ago I started talking to the staff about 2 factor authentication. Of course everyone I have ever talked to about this is immediately turned off by the idea of it. On one hand, it's very secure to use it. But it's confusing for many people and so they don't use it. Personally I think it's pretty easy once you use it a bit. But most people are turned off to the idea.
As for iCloud, yes Apple dropped the ball. They can admit it or not but they really could've done more. That said, this is going to be true for every "cloud" company. It's all at risk. The problem them becomes the high value targets. Apple is a high value target and so is Jennifer Lawrence. So it was just a matter of time before something like this happened.
And yes, I agree that bank security is different than Dropbox or something. However, they are both companies that store data on servers that we as users access remotely. We rely on other people to keep our data safe. But then again, bank security doesn't get broken very often but it does get broken. Attackers find ways.