Assume that you, on your end (company or individual) are doing everything right. You're not clicking on unknown links in emails, you're not opening any attachment from suspicious parties and you aren't going to any bad sites you shouldn't be. At least not on company time and if so, using a virtual machine that can be ditched if necessary AND with documented permission from immediate management.
But what about the party on the other end? What about companies with which your organization does business? What about organizations you don't control? Here's a nice list of issues:
Alexa/Google type assistants
Hospitals
Government organizations
businesses you shop with
Financial institutions
Phone, VPN and communications providers
Businesses purchased that haven't integrated their networks with the new owner securely yet
Email providers
Social Networks
Well? Are you sure all those parties are taking good care of your personal information? Even if an APT (advanced persistent threat) isn't interested in you, various scummy individuals and groups are looking for your info all the time, if only to resell it to another creep. I'll call this risk an "organization leak".
There's also the tendency of newer networking protocols to track your location more effectively. Things like your DOB or credit card number can be guessed by random generators. And cameras or phones pointed at you by somebody else (person or business) could save images or other recordings of you and not require your permission to do so. Put that together with facial recognition (or voice recognition if they have enough to go on) and that's another category of captured information you don't control. I'll call this risk "analysis exposure".
Given the environment of saved data above, with files and files being created everywhere regarding you while being identified with at least some of your personal information attached or associated, imagine that some time later, somebody gets interested in you. At that time, might they get hold of a super database harvesting script that spent, oh, 60 days prospecting around the 'net for anything it could find? And remember: this example presumes a third or fourth party completely unrelated to the organizations that collected or originated the data (a party that merely takes advantage of lack of organizational security, updates or oversight). I'll call this risk "data inventory exposure".
And do you use cloud storage? I'll call this risk "backup location exposure".
And in the near future, will it no longer be possible to buy a gizmo that's not wireless? Wired-only or no-connectivity options exist for various devices now but imagine if cost and convenience force out the availability of a power switch or card slot by which you could opt out of the info flow? I'll call this risk "transmission jailing".
So if in the long run there's no actual security anymore, consider that there MIGHT be if you try to keep a secret by not dealing with it over channels you can't prove are secure. I'll not recommend anything but then, I don't know what channels you use anyway. If you need to be secure about something, it might be best to go out-of-band... depending on what band is normal for you. Carrier pigeon? Marconi? Tin can telephone? Smoke signal? I have no inkling of what will work in your case. But then, the bad guy probably won't either.
