Online banking or shopping: What's more secure?

scyther5 | iStock | Getty Images

With troubling headlines this week about five banks being hacked, consumers are again faced with questions about the vulnerability of their online transactions.

The scope of the bank attacks is still rather vague, with only JPMorgan acknowledging a breach and an FBI investigation, though not yet detailing what information might have been compromised.

Rep. Mike Rogers, R-Mich., chairman of the House Intelligence Committee, called the breaches "very sophisticated" and were likely state-sponsored. There have been reports that Russian hackers were to blame.

Read MoreUS bank group: Unaware of 'significant' cyberattack

Hackers target US banks

Despite the online intrusions, a cybersecurity expert told CNBC on Friday that financial companies are "way ahead of the game" with online protections compared to their peers in other industries.

"It's not to say they are doing great. There's a lot of improvement on the financial side." said David Kennedy, a so-called "white hat" hacker who is hired by clients to try to break into their systems.

For its part, the American Bankers Association said: "Banks have the highest level of security among U.S. industries. At the same time, there is always room for improvement, and as a result the industry dedicates hundreds of millions of dollars annually to data security and constantly monitors for evolving threats."

Kennedy, head of computer security consulting firm TrustedSec pointed out in a "Squawk Box" interview that online banking terms and conditions are very consumer friendly. "If your bank information gets hacked you're not liable for that type of funds."

Kennedy said retailers are behind. "When you start ... ordering things online, those are when you have the highest risk of your credit card being cloned and fraudulent charges being activated," he said.

Recently, retail locations at UPS, P.F. Chang, SuperValu, and Albertsons have experienced debit and credit card data breaches. Last year during the holiday shopping season, Target disclosed a massive cyberattack that's still having reverberations on the retailer's brand.

Kennedy said Google's gmail and Apple's iPhones and iPads are "pretty locked down."

"It doesn't mean to say [they] can't be hacked," he warned.

One of the most vulnerable sectors to hackers is the medical industry "by far," Kennedy said. "Hospitals, medical research, devices, all of those are probably the worst right now we see."

The National Retail Federation and the American Medical Group Association did not immediately respond to CNBC's request for comment.

—By CNBC's Matthew J. Belvedere