My simple-minded approach is: "If they can hack Microsoft or the military or…., then my computer can't be a great challenge so I should at least do what I can."
You would think. But experts say that many, perhaps most, of the biggest data losses could have been prevented by the simple expedient of keeping up to date with the latest updates and patches. But look at the number of people here on FineTunedMac who, for whatever reasons, are unwilling to upgrade from older no longer supported OS versions with known vulnerabilities that Apple is no longer going to patch. They are choosing to have a less secure system.
I am not criticizing their choice, because they each have what they believe to be a compelling reason not to change and
they are only risking their own systems and data. But when the DoD, the IRS, the FBI, major corporations,
etc. make similar choices they are endangering the data of tens of thousands, if not hundreds of thousands, or even millions, of other people and institutions. There are a number of civil lawsuits currently in the courts over this and inevitably the companies and agencies will suffer significant financial penalties but never enough to fully compensate the injured victims.
