No one says you wouldn’t encrypt on prem too. It just adds the extra layer of difficulty slurping everyone’s info all in one go. Someone would need to actually walk to the customers site and all to take their servers, potentially.

Remote access is a good point, but most commercial sensitive data (medical, manufacturing, etc) is location use restricted anyway.