Oh, I agree it IS someone's responsibility, but so many of the people with laptops are entirely clueless when it comes to patching and with recent labor cuts IT doesn't have enough staff to dedicate the manpower necessary to do it. Frankly, it appears most manufacturing firms are quite lax when it comes to security, only finding it important once they're smacked really hard. Oddly enough, Mr. FourPeas' company has already been hit with viruses (what Fortune 500 hasn't), but still doesn't consider it that much of a priority until, of course, some virus/hack/dns starts reaking havoc yet again. As in many large manufacturing companies, the senior VP for IT doesn't have a background in technology. He's comes to IT from manufacturing because he was part of a computerized ERP implementation.
The cost of security, like the cost of quality, is so intangible. If it doesn't appear on the financials, it doesn't matter.