The PCI DSS, a collection of security requirements set by the card schemes (like Visa and Mastercard), apply to all merchants that process payments. If you don't follow these standards, you can be fined by the card schemes.
[Card schemes have recommended urgent action](https://usa.visa.com/content/dam/VCOM/global/support-legal/documents/acquirer-advisory-magento-migration.pdf), making clear that merchants who fail to migrate from Magento 1 by the end of June 2020 will fall out of compliance with PCI DSS and, as a result, may be subject to fines.
With no future official upgrades and patches, websites remaining on Magento 1 may degrade and become unstable, making them increasingly vulnerable to data breaches and other security risks.
Not only would this damage your brand and reputation as you lose the trust of your customers, but you could also be fined in the case of a suspected breach.