There is another option
Instead of buying a newer version of Microsoft's trojan factory, er, Office, convert your enterprise to an open-source product such as OpenOffice. Patches for newly-discovered vulnerabilities *always* come faster for open-source products (probably because the developers are alos the users, and therefor they have a personal stake in ensuring security).
The cost savings alone is justification; an "upgrade" version of Office 2007 Standard costs US$197.99 plus shipping from Amazon. A typical small business will therefor spend in the neighborhood of US$20,000 to move to Office 2007 (and that doesn't include the costs of retraining the staff to use the new software, which, of course, works differently to Office 97, 200, and 2003). Converting to OpenOffice costs nothing (again, ignoring retraining - but since OpenOffice is a "work-alike" for MS Office 2000, those costs will be significantly less than the move to Office 2007).