Is updating Ubuntu riskier than not?

Letting your installed OS get out of date raises the risk that a security flaw that was unknown the last time you installed or updated, but discovered (by black hat types) later, may not get fixed, leaving your system open to exploits, potentially including using your processor to mine cryptocurrency, making it part of a botnet used for hacking attacks or denial of service, stealing your private information stored in your system (including passwords for things like your bank and email), or installing ransomware.

A better path, if you have reason to suspect unreliable updates, is to delay installing updates. Many IT departments do this with their Windows updates, to be sure they won't promptly and broadly install one that bricks their hardware (been known to happen!).

The potential problem with Ubuntu and other Linux distros in this regard is there's no simple way to "sudo apt update-to-october". One way you might do this is to download the update files promptly, but hold them in a sort of quarantine for a period of time to watch for reports of problems before installing. Self-reminders using cron will help keep your schedule.
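The quarantine approach described in the answer above, as an added example that is not part of the original answer: updates are downloaded with `apt-get --download-only`, a stamp file records when, and installation from the local cache is refused until the hold period has passed. The 7-day hold, the stamp path and the function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: download updates now, install them only after a hold period.
# HOLD_DAYS and STAMP are assumptions of this sketch, not Ubuntu defaults.
HOLD_DAYS="${HOLD_DAYS:-7}"
STAMP="${STAMP:-/var/lib/apt-quarantine/staged.stamp}"

# quarantine_elapsed FILE DAYS [NOW_EPOCH]
# 0 = FILE is at least DAYS days old, 1 = still too recent, 2 = nothing staged.
quarantine_elapsed() {
    [ -f "$1" ] || return 2
    now="${3:-$(date +%s)}"
    staged=$(stat -c %Y "$1") || return 2   # mtime = when the batch was staged
    [ $(( now - staged )) -ge $(( $2 * 86400 )) ]
}

# Fetch the pending upgrade set into /var/cache/apt/archives without installing.
stage_updates() {
    if [ -e "$STAMP" ]; then
        # A batch is already waiting; re-staging would reset its clock.
        echo "batch already in quarantine" >&2
        return 0
    fi
    apt-get update &&
        apt-get --download-only --assume-yes dist-upgrade &&
        mkdir -p "$(dirname "$STAMP")" && touch "$STAMP"
}

# Install the staged batch once the hold has expired.
install_staged() {
    rc=0
    quarantine_elapsed "$STAMP" "$HOLD_DAYS" || rc=$?
    case "$rc" in
        1) echo "still in quarantine" >&2; return 1 ;;
        2) echo "nothing staged" >&2; return 2 ;;
    esac
    # --no-download restricts apt to the .debs already in its cache;
    # --ignore-missing holds back anything that was not staged.
    apt-get --no-download --ignore-missing --assume-yes dist-upgrade &&
        rm -f "$STAMP"
}

# Run as root, e.g. from cron: "$0 stage" daily and "$0 install" daily.
case "${1:-}" in
    stage)   stage_updates ;;
    install) install_staged ;;
esac
```

If another job refreshes the package lists during the hold, newer candidate versions are not in the cache and are held back rather than installed. Ubuntu's unattended-upgrades, where enabled, installs security updates on its own schedule and is not affected by this hold.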


In general it is risky NOT to update. This is well explained in the answer before. But how to handle the unknown risk?
Over the years I've installed a lot of hardware to test on my second system. Sometimes I've messed up the system or my kernel and the normally harmless sudo apt-get update; apt-get dist-upgrade becomes a nightmare.

So I started with a special setup on this machine.

Partition 1: / (Main OS) (25 GB)
Partition 2: / (Main OS) (25 GB)
Partition 3: SWAP (8 GB)
Partition 4: /home (150 GB)
(Partition 5: /media  (250 GB), optional)

So I used Partition 1 to install Ubuntu and used it for a while. At the point I messed the system up again, I reinstalled Ubuntu on Partition 2. Partition 1 is then unused until Ubuntu breaks again.

Maybe it sounds a little harsh; the situation described above happens only about once every two years. But since I've had the possibility to switch easily, I've done it more often.
In every case the settings will survive. Not only /home, but also the individual configs from /etc and so on are easily recoverable. Downgrades are possible, but I don't recommend them.
Even the switch from Ubuntu to Debian works this way. But I won't do this too often. There are some configuration file issues due to the version differences.

The directory /media also contains an Ubuntu mirror with the needed architecture. For a long time I lived (even in Germany) without any fast internet connection, but I've done a lot of full reinstalls.

PS: I've also learned the hard way not to switch too often between apt-get, aptitude, apt, synaptic and so on. Using different dpkg frontends at the same time could lead to nearly unresolvable dependency issues in the running system.