Some e-commerce operators delay or avoid installing security updates because they fear updates will break site features or because they underestimate the risk, and leaving systems unpatched increases exposure to attackers.
high
operational-risk
Describes common operational reasons for not applying security patches and the resulting risk.