Ordinarily OS updates are most certainly required, the problem being XP is off official update support. So it may be more vulnerable because it is no longer supported (but avast continue to support it) and may be more vulnerable to attack/vulnerabilities.
XP still has a relatively large market share, still more than windows 10 and as such could still be a worthwhile target for malware.
So you need to be more proactive in your approach to security and having backups is just one method. In XP I run DropMyRights on every internet facing program (browser/s, email, etc.), whilst this doesn't prevent your getting infected, but it can limit the damage.
As you can see from my signature (below my posts) that I still use XP as my main system even though I also have win7 and a very recent notebook purchase with windows 10. On this XP system I do a weekly full system backup (Drive Image) and I keep the last six backup copies.