This is what happens when Drupal or WordPress security updates are ignored - nothing. Yet again, maybe your website gets hacked, malicious code is inserted into page templates, and next thing you know, you’re in the business of selling Motilium, as happened recently on an actual website we had to fix.
It takes a lot more work to remove infected code than to apply a security update every once in a while. Not to mention having to staff up to handle all those new sales inquiries.