I assume when your computer software needs updating your probably excited to discover what new features might have been included. On some systems you don't get the choice.
A large part of what a software developer does is to keep your software secure. As hackers and mal-intents find new ways to get into our computers, networks and websites the developers are always going to be slightly behind the game. So it really is important to keep everything as up to date as possible, and not just for any new features.
Sometimes the updates aren't perfect and have been known to cause problems, generally minor, but annoying none the less. Some I know have a policy of delaying the update to see if any issues do arise on colleagues systems or appear in the press. I would suggest this is a bad idea. Now your hackers are looking for those that still have that vulnerability, and they'll be progressively fewer of those which means the chances of the attention being focused on you are increasing higher. I have seen the reality of this, so beware.
Websites are no exception. If you have a website based on Joomla, Wordpress and one of the other big platforms your are lucky. They have thousands of users. Many of those users are very experienced and feed back any security issues. There is a secure way of doing this. On a platform such as Joomla there are literally hundreds of developers who will immediatley get onto the matter and find a fix. That then gets published and the website owners notified.
But there are also all the widgets, templates, extensions and plugins that go to make your website function as it does. These are a bit more of an unknown but they most be kept up to date. These come from developers large and small so the amount of support they get is rather variable. This is where a support agreement with your webperson is so important as they will stay on top of this and try to ensure that all aspects of your website are kept as secure as the software available will allow.
Cavespider, right up to date