As with any popular software, updates and upgrades are a regular part of life. Magento is no exception; and there is a development team at Magento and an active community of Magento developers that help contribute to Magento updates and upgrades.
Software updates (patches) and upgrades occur for a number of reasons:
- Addition of new features
- Bug fixes
- Security enhancements or fixes
- Performance enhancements
Perhaps the most important reason to implement an update or upgrade is security. Your business may not need the new features available with an upgrade, or it might not be using certain buggy features that are corrected with an update, but everyone is potentially at risk because of security holes.
If your site becomes compromised, it is not just your business and reputation that is impacted, but your customers and merchants also. They may have been exposed to long-term consequences.
In addition to suffering potential financial loss due to stolen information (i.e. credit cards), customers could suffer identity theft with other personal information that was compromised.
Merchants could suffer damage to their reputations and loss of customers.
Moreover, there are legal and financial consequences that go beyond that of the immediate security breach. There could be lawsuits or threats of lawsuits and business my experience higher processing fees or have there privileges revoked from financial institutions.
Security is important and staying up-to-date with patches can limit the likelihood of your website being compromised.
Be sure to consult Magento's Security Best Practices page for guidance.