They probably want update the JVM for security purposes, though. There's plenty that will absolutely kill you in any public facing JVM from more than a few years back. The first release of 7 has at least two very bad denial of service attacks that allow a remote user to saturate as many CPUs on your server as they like, all they need to do is send magic http headers to your tomcat or whatever.

People say that about operating systems, yet you have businesses running Windows XP still simply because they don't want to update. Yes, there's ones that don't for compatibility, but there are some that don't upgrade simply because they don't want to.