Re: Actually.... most of the time XP crashes before the ramsomware can encrypt the drive
The question for you (to ask your two groups) is : if the mainframe gets hacked what are the dangers to the firm/customers.
If that mainframe carries the keys to all of your companies bank accounts, then it is a security risk, because even if the risk of exploit is small, the cost to the company could be huge.
if that mainframe carries the code to open the garage door then its not a security risk because frankly who gives a toss if it gets hacked.
Obviously, those are the two examples at the extreme ends, and naturally your data will be somewhere in the middle. But you need to way up the risk of getting hacked (low) with the damage that would be done.
As another example, if that mainframe carries the source code for your company's proprietary product and if that gets stolen, a competitor can drive you out of business, well then you probably want to add more security, because even if the chances of being hacked are low, because of the technical obsolescence, and the chances that the source code could be understood and utilised by a hacker are even lower, the risk to your firm is catastrophic. in that case, you dont take chances, no?