Many orgs haven't deployed LAPS yet. I know, lame, but its a fact. Even fewer have migrated to use DAWs, 2FA, delegated creds or the other top ways to secure AD. Its really complicated to do on a production environment of >1000 users.
Many networks are essentially flat, and don't make use of intra-network firewalling. So a compromised client can do MAC flooding, DNS spoofing, send SMB requests to other clients, pretend to be a printer, etc. All of these are preventable, but it just isn't in the mindset of most security orgs.
But the main reason that people don't have local admin is a psychological one: managers don't understand security and have a paranoid need to lock everything down for end users, even though they are not the main threat vector, and are the people who generate revenue.
Many networks are essentially flat, and don't make use of intra-network firewalling. So a compromised client can do MAC flooding, DNS spoofing, send SMB requests to other clients, pretend to be a printer, etc. All of these are preventable, but it just isn't in the mindset of most security orgs.
But the main reason that people don't have local admin is a psychological one: managers don't understand security and have a paranoid need to lock everything down for end users, even though they are not the main threat vector, and are the people who generate revenue.