Alan Smithee (who must have been laid off from moviemaking) at Matasano does a good job describing the risks of the automatic (silent) patching approach that Duebendorfer and Frei put forth in Why Silent Updates Boost Security. This is only part of the cost-benefit scenario that should be evaluated when considering your patch strategy. The other side is the (potential) reduced risk associated with a faster patch cycle.
I wrote an article in Information Security Magazine that highlighted a great patch timing paper by Beattie, Shostack, Cowan, et al. Here is an excerpt:
The other side of the equation is weighing the risk of leaving your systems unpatched. Put another way, what's the cost of not doing anything? This is a far more complex determination, incorporating the cost of recovery for stricken systems and the value of the system at risk adjusted for the likelihood that it will be compromised.
It is worth considering the potential downside of automatic updates, but patch failures are only one aspect of a more complex equation.
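As an added illustration (not code from the post or from either cited paper), here is a toy model that puts both sides of that equation next to each other: the expected cost of a bad patch, assumed to fall as the patch ages, against the expected loss from staying unpatched, assumed to grow with the exposure window. Every parameter, curve shape and name in it (PatchScenario, expected_cost, best_delay) is a constructed assumption, not a measured result.

```python
"""Toy expected-cost model for choosing how long to delay a patch.

Added example, not code from the original post or the cited papers.
Curve shapes and numbers are constructed for illustration only.
"""
from dataclasses import dataclass


@dataclass
class PatchScenario:
    # All fields are constructed assumptions, not measured data.
    asset_value: float            # value of the system at risk
    recovery_cost: float          # cost of recovering a stricken system
    patch_failure_cost: float     # cost when the patch itself breaks the system
    initial_failure_rate: float   # P(bad patch) if applied on release day
    failure_half_life: float      # days for P(bad patch) to halve
    daily_compromise_rate: float  # P(compromise) per unpatched day


def patch_failure_prob(s, delay_days):
    """P(the patch causes an outage), assumed to decay as the vendor
    fixes the patch over time (constructed exponential decay)."""
    return s.initial_failure_rate * 0.5 ** (delay_days / s.failure_half_life)


def compromise_prob(s, delay_days):
    """P(compromise during the unpatched window), assuming a constant
    daily hazard (constructed)."""
    return 1 - (1 - s.daily_compromise_rate) ** delay_days


def expected_cost(s, delay_days):
    """Expected cost of patching after delay_days: patch breakage plus
    the loss from leaving the system exposed until then."""
    cost_of_patching = patch_failure_prob(s, delay_days) * s.patch_failure_cost
    exposure = s.asset_value + s.recovery_cost
    cost_of_waiting = compromise_prob(s, delay_days) * exposure
    return cost_of_patching + cost_of_waiting


def best_delay(s, max_days=60):
    """Return (delay, cost) minimising expected cost over 0..max_days."""
    costs = ((d, expected_cost(s, d)) for d in range(max_days + 1))
    return min(costs, key=lambda dc: dc[1])


if __name__ == "__main__":
    scenario = PatchScenario(100_000, 20_000, 5_000, 0.2, 7, 0.002)  # constructed
    for d in (0, 7, 30):
        print(d, round(expected_cost(scenario, d), 2))
    print("best delay:", best_delay(scenario))
```

Changing the compromise rate to zero pushes the optimum to the longest delay, and zeroing the patch failure rate pulls it to day zero; the interesting region is everything in between.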