Aren't anti-malware software and similar expenses needed regardless of browser version? This is a cost that can't be avoided so the upgrade isn't going to eliminate that and save money in the long run.
It is my experience that the risks are exponentially higher the further you get from the "flagship" product. This is also true for Firefox - if you don't update as updates become available you will soon find yourself with something bad on your machine if you're not careful (and on Windows). Plus, while Windows 7 built-in protection isn't great (which, if they went past IE6 they should upgrade the OS too), it does prevent some massive system-wide changes and rootkits.