I work in risk management. RM does not try to cover everything that could potentially happen. That would be foolish and impossible and time-consuming. Assessing risk takes some wisdom and a clear knowledge of what is going on in the world, not what you are afraid "might" happen.
Likelihood: I'll say low. This is not based on personal experience, but upon what I've read; I'm taking the word of Mac people themselves here. If you like, I'll even say "very low". "Impossible" isn't a word used in assessing risk, from what I remember, especially when it applies to the possibility of an error in millions of lines of code written and updated by many people over years.
Cost to protect: Relatively low. As I mentioned, I found Mac software in a quick search that adds up to $110 (don't know if that's a one-time cost or has to be renewed every year). In comparison, I pay $60/year for my business PCs and $0/year for my home-only PCs. But for business I consider $110 low.
Worst-case scenario: Extremely high. Potential loss of data leading to extensive downtime to rebuild, and potential theft of data.
So by that analysis, I could pay a relatively small amount to protect against the small chance of suffering an incredibly high cost. I cannot imagine why it would not make sense for me to do so. In comparison, I pay much more than $110/year for my car insurance, and while the likelihood of a car crash may be higher, I would much rather have to buy a new car than have my business data lost or stolen.
So tell me, how is that analysis wrong from a risk management perspective?