Well it's the choice between the devil you know and the devil you don't know.
Kidding aside, if you're using a mainline release, all the later revisions should be just bug fixes. So in theory, it would always be best to run the latest so that you don't encounter a bug that's already been corrected.
In practice, often the bugs are exotic, so you might not bump into them. Further, sometimes the fix makes a new problem. So, many prefer not to update unless they have bumped into a problem and it's documented as fixed in a later patch level.
Perhaps a middle of the road approach is move to newer versions when it's early in the life cycle but only apply updates late in the life cycle for correcting a problem you're having.
With a mainline release, an easy demarcation of the where the patches are in the life cycle is when a release is announce as GD, for general deployment. (NB: 12.4 hasn't yet.)
For non-mainline releases, besides bug fixes, there's often feature enhancements for hardware or software. So, you might want to be especially careful in updating if feature enhancements are included, unless it's one you believe you need.
Something else to note, if you find your release has been deferred, you probably want to update it.
Specifically for your 2811 running 12.4(3h), the most current is now up to 12.4(18). Going by the above, i.e. 12.4(3h) is an early release, and the fact there's even (3i) and (3j), newer would likely be better.
PS:
You can always read the release notes which will not only document what's been corrected, but often note known issues that are still unresolved.