One week ago, we received a warning that a critical security update for Drupal, which affected drupal 7 and 8 (and even 6, which is not supported anymore) was going to be released today. And we braced ourselves for updates.
A couple of years ago, it was a hard work for us to update a site if a security update was released. Nowadays our hosting and our processes are much better and simpler - and thanks to a team effort by our Live-team at Digitalist, we got our most vulnerable sites patched minutes after the security fix was released.
Digitalist Live Team patched in total around 1700 sites on our own hosting in less than 2 hours!
If you read the FAQ for the security issue - it is really critical to update - if the vulnerability is exploited all non-public data is accessible, and all data can be modified or deleted. Simply put - your site could be immediately hacked and taken over by someone else.
It is good to remember that the vulnerability has not been exploited anywhere that we know of. But after discolsure of a vulnerability, "black hat" hackers will immediately try to exploit Drupal sites. That is why it so important to act quickly and apply security updates once they become public.
Drupal is one of the most secure CMS systems available - and it stays that way due to its robust vulnerability-handling process.