Just as your desktop software, you should keep your WordPress software up to date as well. With WordPress running a majority of websites now, more attackers are looking for vulnerabilities as it would have a high return rate for them. There have been various vulnerabilities identified with WordPress in the past, and they have a good track record of addressing them in a timely manner.

If you have a recent WordPress installation (3.7 or above),  then you likely have automatic updates for WordPress core already going. That is certainly good news as its one less thing to remember, but I generally don’t like automatic updates because it doesn’t give you the ability to test and make sure your site is fully working.

As to your plugins and themes, you will want to make a habit out of logging into the WordPress admin panel and check for updates at least on a monthly basis (just as you should be doing with your normal desktop updates). Or if you want to take the automatic updates approach for plugins and themes as well, there is a plugin called Advanced Automatic Updates which will do that activity for you.

Also note that some web providers / hosts perform updates on your behalf already, so you should understand the built in options at a server and host level.