Legacy systems often lack vendor support, so vulnerabilities discovered after the end of support receive no security patches or updates. Those flaws stay open indefinitely, which leaves the systems more susceptible to exploitation by attackers.