Re: What's the real danger ?
"We didn't have the money" is not a viable excuse for failing to abide by the law. In fact, it will just make the problem worse when you are compromised, then held responsible for running an "obsolete" and unsupported operating system on the servers, and then fined hugely. It's not the beancounters who will fall in that case, they will just say "Well, our IT guy said it was okay".
And as my more verbose post says - if you have that large a network, there's even less reason to cling onto operating systems that were designed before some of the kids that left the school I work at this year were even born.
Latest technology? No... because you'll want to spend a year or so testing ANYTHING on that scale - I am more suspicious of "zero day updating" than I am of letting working systems continue. A botched install without proper planning will provably cost you money. But equally running unsupported software over a decade old for no good reason other than "it costs money to replace", that's just asking for more trouble. I'm surprised you can even find new hardware that will boot it, to be honest. I haven't seen a 2003 driver for, say, a RAID controller in a while - and UEFI BIOS are quite common now.