Unfortunately the old analogy does not work as well as it used to, as the Forth Bridge is not being painted constantly (and in fact was never the case!). However there is a permanent maintenance crew working on the bridge, so it does work at one level.
Servers require maintenance; all sorts of maintenance, although here we are concerned only with security patches. Applying security patches is not a one off process, or something to be done only when someone reminds you of the necessity.
If you patch a server every three months, then the maximum amount of time the server may be vulnerable to a new vulnerability is three months. A vulnerability may well come out minutes or seconds after you have finished applying patches.