The same people who don't patch their windows machines won't patch their linux machines.I don't think that's a good generalization to make. I used to not patch my windows machine because something annoying always ended up breaking after the update. Granted, this usually happened after upgrading a driver from Windows Update, but occasionally I had to reinstall a piece of software after an OS update, which made me wonder if I had just neutralized the update. Now that I use Debian fulltime, I don't even think about it - cron-apt installs available patches from security.debian.org every 12 hours on all my machines.
If I cared enough to be more vigilant (or was being paid to do so) I would, but I can't be bothered when there are more important things to do than keep miscreants off my network. Automated security updates for Debian work for me and haven't broken a thing compared to Microsoft updates.