Intel isn't the security issue here, people are.
"as this is most likely unchanged on most corporate laptops"
This issue is the same problem as leaving the front door of a building unlocked and unattended - lack of physical security. It isn't the fault of the door or the lock manufacturer, but a failure of corporate management to practice due diligence.
If someone cannot get into a building who should not be there, someone cannot gain physical access to a computer who should not have it, and there is no security system that prevents "inside jobs".
It has been proven time and time again that shared passwords can not provide high level security, and that data stored on a "personal" computer is insecure, even if it is encrypted in the machine's storage.
In practice, it would be virtually impossible to have a separate password for every computer in a corporation. Hundreds or thousands of machines are maintained by a staff of dozens with 25% annual turnover. Even if a corporation had its IT department set a BIOS password, it is ridiculous to assume that password would not leak, and there is no simle way to change thousands of passwords.
In the case of the Intel/BIOS issue, the fundamantal architecture of the modern computer is a kludge of insecure components, integrated into an unreliable appliance that is administered by unreliable people with no system of standards that they are held accountable for following.
The closest thing to a secure PC is a one that assumes it has been hacked, has NO firmware configuration and has multilevel secure boot that checks BIOS, kernel, OS and apps every time that the machine is started up. If that machine is connected to a network the network must be equally secured.
The poor quality software available today that requires a constant stream of updates and patches,is defective from date of inetallation through retirement. Of course it has security loopholes.