Nowadays, threats are everywhere. As soon as your computer is on, connected to the internet, it's theorectically in danger.
Sure, chances someone out there is specifically targeting you or your home computer are rather slim (well, unless you work the government).
This scenario changes if your computer is a business computer or if you have a website or even an e-commerce site. The reasons why someone is targeting you are plentiful, ranging from a random attack to a disgruntled ex-employee.
Similarly plentiful are the ways to harm your data — one harmless looking link sending you to a website containing malicious code, a phishing email pretending to be from your bank, a rootkit on the server or a DOS attack on your website.
Simple precautionary measures often are enough to prevent most attacks.
Most security violations are easily possible because well-known holes were left open, patches were not applied, code was not updated. Downloadable kits on the internet give even the most unskilled wannabe-hacker the opportunity to exploit these without any knowledge of the matter, just by clicking a button.
Unpatched browsers still allow for the execution of code while you are unsuspectingly looking at a website. Many servers still are unprotected against SQL-injection attacks. Right now your computer could already be part of a world-wide zombie network.
You do have a backup, don't you?