
And all Sony had to do was regularly back up, encrypt and delete the emails off their servers. This is the prime thing motivating their actions and driving their fear. And protect sensitive documents better but that seems secondary.

Leaving an ever-accumulating pile of embarrassing communications for someone to steal and then extort you for is not a national security weakness.



I don't know about you, but my ability to search and retrieve emails from months or years ago is critical in my job. You make it sound like it's an obvious choice.


In my job, and even more so in some previous, the ability to search and retrieve historical emails has been my legal requirement.


As peeters said, most organizations rely upon the historical volume of emails to operate effectively. This isn't a simple solution.

Add that a narrative around this story is that the hackers "spear phished" an IT admin. This is incredibly difficult to defend against for any organization (seriously -- for all of the browbeating against Sony on here -- it's all so simple -- I would argue that there are zero organizations that would withstand a concerted, targeted attack. Most would fall in a day). Not only did they purportedly co-opt a privileged account, they then sat on it for months.

Over months they could have changed policies, retrieved backups, and on and on.

When blaming Sony, everyone needs to remember that Snowden, a Dell contractor working at the NSA with limited access, took the King's Ransom from what is assumed to be the pinnacle of computer security and awareness.



