This article is extremely telling in terms of the true risks many of us face in supporting customers, either external or internal, from an IT security perspective. A lack of product and equipment maintenance, in terms of replacement schedules and upgrades, causes security issue after security issue, and frankly, the motivation to correct the problem by the customer comes way too late. Usually a system is either down or compromised or both.
System maintenance and system lifecycle management are important components to the success of any organization and should be talking points for any IT security professional when discussing risk management.