You do not need to update to 2.X straight away to maintain security patching. 

Instead, go to https://magento.com/tech-resources/download and click "Release Archives". There will then be a section called "Magento Open Source Patches - 1.x". You should review each one of those and ensure that they've been installed on your store. Alternatively, you can updated to the latest 1.X version which currently is 1.9.3.6. 

Magento hasn't announced end of life (no more security patches) for 1.X as of yet though they have said that they will give 18 months notice of when they chose to. 

Hi Tom,

Thank you for your reply.

I went on https://magento.com/tech-resources/download and i saw that the last patch has been released on july 2012 (ver 1.7.0.2 - Added Jul 5, 2012 ).

It means that between 2012 and 2017 i don't have anymore updates. If i want to have a secure website, i need to upgrade to 1.9.3.6 right ?

thank you

Hi @alexmob,

As @Tom Robertshaw said you have a few options.

Stay with your current version and apply all the patches

Even the last patch has a version for Magento 1.7.x

Upgrade to the lastest Magento 1.9.3.x

You'll get all the patches too and some extra improvents and features (i.e: configurable swtaches).

Move to Magento2

You should understand the moving from Magento 1 to Magento 2 is not "just and upgrade". It will be the right direction if you want to move forward but is not just an upgrade and you will need to make a plan to be sure that everything will work or to know which things will change.

As you can see, there are several options and there isn't just 1 solution that fits for all stores at the same time.