You could make an argument that not using banking apps decreases your security, since most banks use either SMS or those apps as the second factor while confirming the operations. It is true that the apps are of varying quality, but SMS is not really a serious alternative. Some banks do have apps that are limited to confirming operations, and one bank where I live did recently start accepting U2F, which is amazing news.
IANAL nor intelligent, but after skimming the text of the directive I felt like the definition of damage is very limited. In particular, if I understand correctly:
would not be covered by this directive, this directive is only about a human being hurt in some way,
would be covered in case of “your game installs a kernel-level anticheat and the anticheat breaks PCs”, but not in the case of “you uploaded an upgrade to a firmware of the washing machine you produced and it bricked the machines”; the directive is not about a product breaking, but about the product breaking your health, other property or data,
is basically the exact case this directive covers.