Many successful data thefts and attacks relied on vulnerabilities that had patches available
First please heed this: If you are a large or small business leader or associate do not patch before you test that patch with any specialized software – that is any software other than generic office apps, like Microsoft (R) Office apps. Even commercial scheduling software should be tested. At least make sure that you create a Restore Point. before updating. Of course, Windows is supposed to create one for you. Do not bet your operation on that!
Many highly publicized data breaches occurred because firms did not patch or update software. For example Equifax had at least two months to patch/update specific software before 143 million people had their personal information stolen. And some Equifax personnel were even aware of the need to patch the software in question. The U.S. Office of Personnel Management lost several million security clearance background investigation details because a contractor failed to update his computer.
As mentioned in My take on security, even if an individual believes that their information is not important enough to be stolen or abused, it can and will be collected and used.
Update your software.