progress...?
I work for a very large corporate in the UK (poosibly the largest employer in the UK) and we've already instigated the upgrade to SP3. So your artical is partically incorrect, however you didn't say all corps so I'll refrain from flaming.
You mentioned that many large corps involved 3rd party companies to help with support and this can both muddy the water, and create longer gaps between roll outs. However this can also be affected by the IT staff ensuring that everything still works after the update (in the test enviroment) and not just rolling out a patch and waiting to see what breaks. Many corps don't go for the suck it and see approach. We tend to test shit before we break it!
It's worth noting though that the last major IT related headache we had ONLY affected SP3 machines and SP2 machines carried on regardless.
http://www.theregister.co.uk/2010/04/22/mcafee_false_positive_analysis/
So much for SP3 being progress?
I thought it was a little unfair to say we're "ill-prepared". Had you concidered that we might have more complex systems to test and work through compared to your average 10-20 employ company?
Paris cos Sp3 as secure as her underwear