This whole attitude of business sticking with XP gives off the vibe that they want to keep their employees in a vacuum.
Most employees of these companies have their own computers running windows 7, so the argument of retraining I think is only partially correct.
Legacy software is an issue, but at some point if you persist to hold onto the old technology, you become like the IRS with boxes of card punch decks stuffed in heating vents a decade or two later.
Security is also like insurance -- it is expensive when you are humming along (i.e. weighing the cost of upgrading to latest OS when everything is working OK), but cheap when it saves you. Windows 7 is fundamentally more secure.
Also, very old hardware becomes a bottleneck. This causes a block to develop new applications because the existing hardware cannot run them, which then continues in the avalanche of falling behind.
This is why most professionals view consulting firms with a jaundiced eye. We are still running some XP stuff, most of it for legacy issues. The cost per machine, as far as maintenance goes, is actually a little higher for Win 7 than on XP. Not enough to matter.
Of course we maintain our network, application control and Internet access. We monitor thumb drives and other detachable storage. At home (and in my nonprofit support role) the same seems to apply. The reality is that there are things intelligent user communities do. If you do not, it will hurt.
If you take the maintenance cost matrix in context, this will make Win7 pretty expensive after you buy new PCs, upgrade older PCs and replace peripherals. Oh, that really is why we don't upgrade. I guess intuition is not nearly as bad as we thought.
I see Microsoft propaganda machine is back in full swing. Windows 7 cheaper than Windows XP? Yeah, and Windows is better than OS/2...