Unpatched machines have various degrees of risk. The most severe could lead to bots and ransomware like the Mirai botnet and WannaCry ransomware. Vulnerability assessment and patch management programs can identify the missing patches and prioritize which ones should be applied first in order to mitigate the highest risk. Compared to other cybersecurity issues, patch management is a cornerstone of basic cyber security hygiene. Without good patch management, many other cybersecurity initiatives will just flat out fail because the basics are just not covered. This is evident from recent breaches like Equifax and Fedex.