Is there non human risk related to idle sessions?

Let’s say the OS is Windows or Linux

As a System Admin, I think the answer to this question is : NO

I always configure end users machine for auto lockout for a given idle session time. Because I’m think, if the user leaves the machine without locking it, I should try something to at least protect my network

What if I did not do that ? Do you think there could be reasonable risk not related to a malicious person taking advantage of an idle session ?