Files can easily get lost if you don't have good protection on your website. A few of those files might be stored on your computer and easily replaceable, but what about the rest of them? If you lose them the first time where are you going to get them from again? Especially fix malware problem is vital. Many times, long-term sites have a good deal of data and have made a large number of documents. Recreating all that would be a nightmare, and not something any business owner would like to do.
Also, don't make the mistake of believing that your hosting company will have your back as far as WordPress copies go. Not always. It's been my experience that the hosting company may or might not be doing proper backups, while they say that they do. Take that kind of chance?
1 thing you can take is to delete the default administrator account. This is important because if you don't do it, malicious user know a user name which they could try to crack.
BACK UP your site regularly and keep a copy on your own computer and storage. Back if you have a very active website. You spend a whole lot of time and money on your website, don't skip this! Is BackupBuddy, no back up plugins, widgets, find out here your files and database. Need to move your site this will do it!
Do i loved this your homework and some hunting, but if you are pressed for time and need to get this done once and for all, try out the WordPress security plugin that I use. It's a relief to know that my website (and business!) are secure.