I am the CISO for a FTSE 100 company and we have had the same policy for more than two years.
If a technically competent person wants to steal data to which they are given any sort of access, they will likely succeed. However, implementing restrictions like this has two big benefits.
Firstly, it forces staff to use a more controllable and auditable approach to data transfer. When our staff share information on Google Drive, for example, they can retain a considerable degree of control over what is done with that data including revoking access and preventing further sharing. My team and also monitor transfers (including examining the content for personal information) and keep a forensic trail. This reduces the risk of mistakes and permits my team and me to examine the circumstances of mistakes.
Secondly, this limits the ability of less technically competent but malicious members of staff to harm our business.
Can I absolutely stop people stealing our data? Probably not. Can I reduce the risk that someone will do something stupid or malicious? I absolutely can and I have. The sky has not fallen in. In fact, no-one really cares.