“Any company that handles privileged customer information that could be used for identity theft and lets employee-owned computers onto its network is eventually going to pay dearly for it.”
A better approach is:
“Any company that handles privileged customer information that doesn’t properly segregate it at the network level is eventually going to pay dearly for it.”
USB drives are far more ubiquitous than Macs. Also, the vast majority of positions at almost all companies require no access to such information.
Active Directory Group Policy can disable the use of USB drives on domain-joined Windows computers, and prevent network access by non-domain-joined computers. Macs cannot be joined to an Active Directory network, or be controlled by AD Group Policy.
As far as whether a "position" requires access to the information, once non-secured computers are allowed onto the network then you're faced with trying to control who can and cannot use those computers.
If you have that kind of information on your network, there is no rationalizing allowing employees to access that data from a non-corporate computer as being anything but very bad practice.