This is exactly what WannaCry was banking on.
ZD Net explains:
After the global cyberattacks on Friday that infected hundreds of thousands of computer with the WannaCry ransomware, the blame game has begun.
Who was behind the attack? How did the NSA lose control of its hacking tools used as part of this huge ransomware attack? Should we blame Microsoft for not patching older versions of Windows that were left vulnerable to the attack?
As it happens, thousands of businesses may only have themselves to blame.
According to recently released data from IT networking site Spiceworks, about half of all businesses still have at least one computer running Windows XP, despite the aging operating system losing Microsoft security support after more than a decade since its release in early-2014.