Re: It's not the OS you have to worry about
Cheers Ian, I think that depends on which market you work with. In my working life I never see these corporate and government machines you speak of (the ones still running XP because they have ancient intranet setups which depend on IE). I don't doubt that they exist, but I'd expect them to be a very small proportion of the massive total XP user base. To be fair, I mainly service the home, home office, and small business markets, with few corporate and no government clients, so I'd be unlikely to see those machines anyway. Nevertheless, I do not believe for one moment that the total of locked-in-by-IE XP systems in corporate and government use would add up to more than a small fraction of the whole. (Wild guess? Let's say 10%.) Further, these systems presumably have some at least notionally competent IT department staff to look after them. (A mixed blessing there, I freely grant.)
Then there are the completely clueless consumers you mention who don't even know what an operating system is, and yup, there are certainly plenty of them. The Microsoft end-of-support messages are bringing lots of these people out of the woodwork and everyone in retail IT is working longer hours just now to deal with all the upgrades. (I certainly am! A bit too much of a good thing right now.) Those that ignore the messages without understanding them will very likely fall victim to some scumbag malware in short order, but then these are the exact same people who have been getting viruses and spyware on their systems since Windows 95 was new and fast Internet was a 56k modem. I am not convinced that the end of Windows XP support will have all that much effect on these people: their already-high infection rate will double or even triple for a while and people like me will do a lot of malware removal and security reeducation. Shrug. We have been doing that for a couple of decades now, and this won't be the first spike in malware work, nor will it be the last one.
Thirdly, there is the vast pool of XP users who are not clueless (they range from near-clueless at one end of the scale right through to very bright and well-informed at the other). They are still using XP out of simple practicality. For these people - probably the largest single group of XP users by a fair margin - computers are just a tool which does the things that they require with a minimum of fuss, bother, and expense. These are practical people who don't throw working tools away without good reason.
But all of this is dancing around my main point, which is that the main problem here isn't Windows XP as such, it's the various Microsoft add-ons associated with XP, such as Internet Explorer and Media Player. A very large proportion of existing XP users have long since upgraded from IE to Firefox or Chrome, from OE to Thunderbird, from the Windows Picture and Fax Viewer to Picasa or IrfanView, and/or from WMP to VLC or SMPlayer. The simplistic "XP is bad" message is largely wrong. The bad things (like IE) can be replaced (and often have been already) by superior alternatives and the remaining risk is by comparison quite small.
Does this mean that no-one should upgrade? Of course not. But it does mean that we (as IT professionals) should be advising clients on a case-by-case basis. For some XP users, the right answer is "do nothing, you already have good security and backup, and your system is low-risk". For others it is "buy a whole new machine, this one has reached the end of its useful working life", and for some it's "throw this machine away and just use your tablet, it's all you need". And for others again, it is "Let's upgrade to a newer OS version and, while we are at it, add some extra RAM and a few tweaks here and there". This last response is the right one for more than half of my users, but every case is different, and your client mix will vary, of course.