Not true. There are 0 clicks/keypress necessary viruses out there that rip right through holes in servers without the user doing anything. They're certainly not as common as the "usual" types but no one is immune and you can bet state actors have a ton of those at their disposal as do well funded black hat crime syndicates.