I fully agree it's a legal problem, which is what my point was from the beginning — depending on the circumstances, it might apply to you or not.

Companies both have to have a set of "processes" in place for legal/compliance reasons, and an employee is liable if they do something that's outside the recommended practice (like using a personal device when forbidden by such policies).

Still, the focus should be on liability and ensuring compliance with legal terms, and an employee needs to make sure they do that. In some cases, that's easier done with a separate computer. In others (when there is no direct spelled-out requirement), downsides of using a separate device outweight the benefits of making compliance with legal terms easier.

As a side note, a browser zero-day is probably even more likely to target work computers, so that example is pretty bad — company data remaining on personal devices by accident is where the problem really is.