Software does not wear out. It will continue to do the same tasks today as it was doing 15 years ago. Many bugs have been found in that time, but if those bugs did not affect the operations 15 years ago, they won't affect the same operations today. There has of course been more malware developed, but that will only affect systems that are vulnerable to malware attacks - dedicated systems that cannot be seen on the Internet and don't get new applications installed won't get infected with malware. Besides which, malware that is being deployed today is far more likely to be targeting more modern OS's anyway.
So yes, it is bad if the PC's in question are directly on the Internet and/or having new stuff installed, but for PC's on a secure closed network or no network that are used only with original dedicated applications, it really doesn't matter how old the OS is. Some of my CNC machines are running the same OS (usually a Unix variant) that they were supplied with 25 years ago, and I have a Windows 3.11 PC I use very occasionally to make changes to old FPGA designs because the CAD software will not run on anything later, and the more modern FPGA CAD applications can't read the original design files (and probably don't support long obsolete Xilinx chips anyway).
What would you like to do? Spunk £billions of taxpayer's money on 1) upgrading hardware, 2) buying new OS licences, 3) contracting a software company to re-write all your bespoke applications for the new OS 4) Re-training staff for the inevitable differences in the way it works and 5) compensating for the inevitable delays, bugs and screw-ups?
Sometimes the saying, "If it works, don't fix it" is very relevant.