Because their target markets contain both people who'll gladly spend 50 quid on the latest account security dongle, as well as people who have a Pentium 4 desktop and a 50 quid feature phone. The latter get much more secure when, apart from a password (probably on a Post-it stuck next to the screen), they are inconvenienced to also type in a few digits from an SMS.
You are 100% correct. But I'm genuinely curious why institutions such as banks/telcos couldn't spare the resources to offer both SMS 2FA and more secure options for those who do care. I can't imagine it's a matter of technical resources, as it wouldn't take much. Is it institutional inertia? Technical debt?
The security model of banks is completely different from everything else. They will only consider 2FA if the total calculated cost /to them/ becomes significant if they don't.
...and if they were to offer a more advanced 2FA option, it'd possibly only appeal to a niche of users, which wouldn't significantly change (improve) their calculated cost?
That's why they probably wouldn't roll out to a voluntary subset on regular accounts.
Tbf, I've had a handful of accounts in a few different countries. I've had proper 2FA in most of them (the one I started with around 2005 uses printed one-use codes), SMS codes in one and no 2FA in one.
They also (most likely) include many other checks, even at the network packet level, in addition to primary and secondary authentication. It's not as simple as it looks to the honest end user.