This a question that only be answered considering a great deal of variables. You've given one - when browsing activity is only on reputable websites.
A number of questions arise in my mind when you say that.
Web browsing, while the most likely place to contract a virus, is not the only way. Are you 100% sure that all of your connections and downloads are secure (aside from using a browser)? What about Java applications aside from in-browser (a major source of zero-day infections)? What about email and phishing tactics? A better question would be: are you universally aware of all the connections your computer has at a given time, and are you aware of whether any given one is secure?
How are you absolutely sure that the websites you visist haven't been infected themselves? Remember that a webserver on the other side of the world can be infected just as easily as you can from a zero-day infection. Combine this factor with the first: are you omniscient to know whether all of the connections your computer has are to servers that are on top of their patches?
And again, there are certainly many more variables besides these two.
Ultimately, this comes down to practice. In choosing to not to patch immediately, what you are essentially saying is that your computer usage habits are completely foolproof. You are also assuming that all of the websites you trust have patched their vulnerabilities.
As to the real, hard number statistic of how vulnerable you are, that really depends on how true all those factors are. If your browsing habits and PC's connections are completely foolproof, if your trusted websites really have done their work, then your chances of infection are 0%. However if one of those falls short of perfection, your risk increases. By how much? Well, I believe the answer to that question is:
It depends!
Here's another way to ask this question: If I have a hole in my umbrella that I'm completely unaware of, will it rain? And what part of me will get wet?
if someone had your ip address and has an automated tool (that just tries to exploit all vulnerabilities) is being hacked almost certain? – Wuschelbeutel Kartoffelhuhn – 2013-08-13T20:45:25.883
no... many of these zero day exploits are very specific to an application or executable that are behind firewalls. An exploit isnt exploitable if its not reachable. – Keltari – 2013-08-13T20:47:56.087
browsing only reputable website mean nothing to current virus and hacking. Although it is true that window update break things more than help. company not apply window updates in 0 days usually have many other remedies, which are essential to cover up the holes, – None – 2013-08-14T10:57:52.307
1"Many companies do not apply Windows updates for weeks or even a month or more." — true, but what does that imply? Many companies are still on Windows XP. I wouldn't say that such implies that they understand what they're doing. – Arjan – 2013-08-14T11:30:06.523
"It's far more likely a Windows update breaks compatibility with an application". This is hardly the case anymore. You are comparing two very low risks. – Jan Doggen – 2013-08-14T11:36:29.400