Chalk and cheese between the common home user (and SME businesses) and big business/government, broadly six reasons :

(a) The latter can afford to write Microsoft a big fat cheque after April in order to continue receiving support and updates on XP for a limited period of time (even they can't continue paying forever ... I think the programme's going to run for 3 years).

(b) They have a substantial IT department (there will be people there whose sole job it is to deal with desktop systems and no other part of the IT estate..... maybe even one or two people who only deal with XP systems on the estate).

(c) As a result of (b) The systems are locked down tight on the corporate domain.

(d) The machines will either be on a separate VLAN with no internet access, or on a VLAN with internet access but which is heavily filtered upstream by corporate security infrastructure (e.g. emails are heavily vetted on their servers, web browsing is filtered elsewhere on the network etc.).

(e) Further to (d), they probably run IDS and IPS systems on their networks so they can detect and act on intrusions and infections.

(f) With the possible exception of point of sale tills which may run a little longer, there is no doubt an upgrade rollout programme in place for general IT infrastructure .... the fact that the average employee in the branch knows nothing about it is no surprise... the only people will know scheduling are HQ, the IT department and the branch manager.

Basically, in a corporate environment, desktops (and other end-user devices) are treated as dumb, unsafe, readily disposable and replaceable. Anything important is saved (files) or done (filtering, security etc.) elsewhere.

There is also a trend amongst certain types of corporates towards a new BYOD (Bring Your Own Device) where the corporate provides the infrastructure, and the employee brings the laptop/desktop/iPad to do their work on. This obviously only really works for environments where there is a large roaming or teleworker employee population, and also requires modern thinking on the part of the IT department (in addition to a wholesale rethinking and reconfiguration of security). Don't see it being a thing for Tesco given they are on a HQ and branch model. But its an interesting development no doubt (Shell were one of the surprising early adopters a few years ago as part of the Jericho Forum which they founded).

Due to lack of budget and manpower, life is different at home and in an SME, and why it is utterly unacceptable to run obsolete software that may have a substantial security impact (i.e. Operating Systems, Web Browsers, Email Clients etc.). Operating Systems being more dangerous than all others due to their being the foundation of all other security..... poor foundations = no security.