Patch management ensures that all the known security or stability issues are resolved. To patch or not to patch should not be a debate you have to have; yet there are so many systems out there that run without all the patches.
There is the possibility that by applying security patches they will break functionality that you have been using and therefore adequate testing needs to be performed. An un-patched system will result in a more costly fix should it fail as any assistance sought from the vendors will only be given after the system is brought up to date. Can you afford not to patch?