> Sounds like the corporation's problem, willingly ignoring security updates.
A properly vetted update requires both compatibility testing and security testing. It would be irresponsible to push an OS update without verifying that it will not damage productivity or bring down defenses.
Businesses that provide or allow iOS devices need to be ready when new OSes are released to the public, which can easily be done since Apple offers regularly-updated betas for months in advance. This is particularly important because even managed devices cannot be prevented from upgrading to new OSes unless all traffic is routed through controlled networks that block access to Apple update servers.