The short answer to this question is: it depends.
Ideally, yes, running the latest version will minimise the risk of your site being hacked or the security being compromised. However, as sites grow with content and functionality, there can be compelling reasons not to upgrade - at least until a new release has become more established. The greater a site's complexity, the more checks are needed to ensure that the upgrade will run smoothly and there'll be no issues once its completed.
Like any piece of software, despite rigourous testing pre-release, its impossible for every use case of the software to be considered. Expression Engine's greatest strength of being infinitely flexible can also be its greatest weakness, and inevitably, there are bugs found by other developers. Unfortunately, sometimes these could be showstoppers for your site, so if performance or functionality on the site could be affected by the upgrade, the site is probably best left 'as is' until they've been addressed.
In addition, because of Expression Engine's add-ons (sub-sets of software that give EE extra features), its important to check that any add-ons or extensions running on your site will be compatible with the newest version.
The changlog will show where updates have been made, but unless you've been working behind the scenes of your site, the updates might not offer much of an explanation as they are targeted at developers.
Longer term, clearly your site will need to be updated. Servers, languages and code standards are constantly evolving, so the longer your site stands still, the greater the risk of something breaking in the future. Protecting your investment will ensure your site continues to grow with your business and is there for you day-in, day-out, 24/7.
For advice on whether you think you site should be updated, please contact us; we'd be happy to help.