Every software has bugs — some of them are security vulnerabilities.
When developers fix them, they release updates (patches).
If you don’t install updates, you leave known holes open for hackers to exploit.
Example:
In 2017, the WannaCry ransomware infected 200,000+ devices using a vulnerability that was already patched by Microsoft.