"...I know people in IT who retain paper copies of all their internet banking statements."
Well this is terrifying but not entirely unexpected. In my relatively short amount of time working in the real world, I've seen things I wouldn't believe. I do not know how things get accomplished and things don't go wrong all the time. As a collective group, companies are ignorant, disorganized, lack communication, and lack seeing anywhere between right now and a year from now. They've got what they need to do this week. They've got a 5 year plan. But no one seems keep track of anything in between. Also, in non-technical companies, no one seems to care about the technical side of things. When I left my company in August, I was the only person with every FTP, SFTP, private key, and web account. Social media, amazon, ebay, vimeo, half a dozen overseas retailers. Web hosting. Online backups. Hardware accounts. Etc. I also was the only person with knowledge of half a dozen accounts for clients - web hosting, b2b services, white labeled, not white labeled, encrypted, not encrypted, cms, etc. If I were to be hit by a train at any point in time, I don't know how they would have regained access to some of these accounts and information. It wouldn't have been the end of the world. They would have lost a couple grand, some data, probably a good amount of hours on the phone with customer support, and it would have been fine. A couple accounts would've slipped through the cracks until a yearly renewals showed up on the CC or an invoice was mailed. They probably would have lost a bunch of stuff they didn't even know they lost. If we had lost everything, we could have gotten away with it for a long, long time because our customers wouldn't have even noticed for a long, long time. I mean, its the same reason AOL still makes money off their internet services. It ain't because people are using them. It's because businesses don't notice the charge each month. But I wasn't working for a banking company. Or an IT company. Or a company where anything lost would have truly caused problems on a wide scale. Our customers were other brands, who were equally disorganized, not consumers with data to lose. It was scary how little these brands knew about what we were doing too. We set up some pretty high end systems but had no where to send the information in case their relationship with us ended or anything. I still set up servers or hosting or encryption for clients and send them a packet with information and they say "I don't know why you're sending me this. I don't know how this works. Just handle it." What if I die? What if you hire someone else? How do you expect them to access the files? Don't you want to know you have the ability to access to the shit that runs your business?
The scariest thing though is I don't know if anyone is operating any different than we were. Every Fortune 500 I've worked with seems to be in the exact same boat. Coca Cola made $1.71 billion this past quarter. They run IE8 and have passwords that would make my mother cringe. If it aint broke, don't fix it? I'm not sure. Maybe the Sony hack will make some people wake up. Or maybe it'll take a bank hack to really get it to hit home. Whatever it is, I assume that anything I don't have tripled backed up in my control will be lost. I assume everything I send will be read. And I don't know what I'll do when I have more than $10k in my bank account because the paranoia that it'll be lost will probably kill me.