canadianvice :
I'm no fool, but that said, I'm certain companies would have a far easier go of defending themselves from a lawsuit on the basis that they were running up-to-date software and took all plausible precautions.
If a company's leak causes significant damages, they will have to compensate regardless of how up-to-date and top-notch their precautions may have been, and having a computer running XP is not necessarily negligent if the computers in question are for most intents and purposes operating stand-alone, such as industrial applications where computers that control processes are often networked over RS485 or other networks uncommon by traditional desktop standards, over which malware would be extremely unlikely to successfully propagate, since that would require malware written with intimate knowledge of the control software running on the industrial PC at the other end of the RS485 link.
Another example of equipment running XP that is unlikely to ever get upgrades nor likely to get chucked by their owners any time soon either: Agilent has made entire laboratory equipment lines based on Windows XP. Companies are not going to throw away their $500 000 spectrum analyzers, $25 000 oscilloscopes and logic analyzers just because Windows XP is no longer supported if the equipment still meets the company's testing, troubleshooting and validation/certification requirements.
So, while a lawsuit may argue that data was put at risk due to (some) systems running outdated OSes, they would first need to prove that those systems were actually involved in the data breach and then prove that it would not have happened if the system had been upgraded before the fact could have any effect on compensation. If whatever allowed the data breach to occur would have gone through even with Windows 8.1, then the whole argument falls flat on its face.
Now, XP is not the only OS that got embedded in devices that are unlikely to ever get an upgrade: there is a slew of embedded and real-time OSes powering countless devices out there... soon enough, even your networked toaster will be running something like VxWorks or Android. How many years are you expecting your toaster manufacturer to support their VxWorks or Android toaster firmware build?