To put it simple. If you don't install security updates for your web software it get's hacked. Not monitoring and taking care of your site means it's can be vulnerable already a day after that big "go live". No matter the CMS in use security updates and bug fixes must be taken care of or things go wrong sooner or later.
Software vulnerabilities are the main reason leading to the hacked web sites. Fixing the hack is pricy compared to the security maintenance not to mention the lost reputation, stolen data etc.
Since 2005 we have provided TYPO3 solutions for our clients. Not only development but full service with software maintenance and hosting or two of those combined. Keeping TYPO3 websites monitored, patched and users supported.
We have seen cases of hard learning. After a web hack security updates all of a sudden doesn't seem so irrelevant to any site owner. Make yourself a favour and quit thinking it doesn't happen to your site...
It's fairly easy to keep TYPO3 CMS up to date. Cost is very reasonable and security updates can be part of the hosting package, a maintenance agreement or included in a dedicated server deal.
Tell us about your TYPO3 setup and let's see what can we improve in keeping it safe.