I don't understand why someone would "spent a LOT of money developing these systems" and then don't spent a small amount of money in periodically upgrading the basic framework.
Of course the system will still run if you don't change the hosting environment etc but there are numerous security updates since 1.7.2.