Some people don't prefer to apply patches very often.
Others neglect the CPU patches either because they don't know that they exist or because they don't care much about it since they use their systems internally.
Security breaches most often come from within the organization.
It the organization does not have IT people especially those who may have bad intentions, it is relatively safe to skip some quarterly patches.
Have a look at
Patches are cumulative. You can check the bugs fixed by patch through readme.So based on that you can decide.