Part of the problem...
...is the history of updates. Users have had so many years now of stuff foisted on them that makes things worse, not better. No wonder no one wants to update anything.
The 1 in 20 with no screen password, well, are there third party alternatives in place like face lock, or something; and people think that's enough and that a "pain" pin isn't needed? I view figures like these with scepticism as things are never straightforward in the tech world.
But manufacturers have to put some of this blame on their own doorstep. If it ain't broke, don't fix it... and don't let the manufacturer have a chance to break it further with their bloatware, nagging applications, more notifications and stuff that, basically, makes people's lives worse.