It's a bit of an extreme measure, but you may want to "crack" into the network, get some sensitive data and report it back to the IT manager's boss. It seems the IT manager is being irresponsible which can cost the company. The boss's boss might be more interested in funding and applying security if he understood the risk.