IMO, one of the greatest threats to any computer, including Macs, is probably phishing. The second are the vulnerabilities that may exist in our devices.
Apple products are designed to be secure but new vulnerabilities are being discovered and fixed all the time, so we need to keep our devices up to date. And take reasonable steps to minimize the damage should someone access our devices. One of my favorites is:
“an administrator should create a standard user account to use when administrator privileges are not needed. If the security of a standard user is compromised, the potential harm is far more limited than if the user has administrator privileges.”