It depends on your business and whether you are trying to protect your brand from confusion or imitators/scammers.
For most sites then you will only really need the .com and the the regional domain for the countries in which you operate (.co.uk, .de, .ca, etc) as most people will find your site through either searching on Google/Bing/etc or by just typing the name into their browser's address bar - which will normally try to go to the .com followed by other TLDs.
If your business is a brand that people will try and imitate and pass off as you - or a business with a large level of trust - such as a bank website - then it is important to buy variations that people could be tricked by. For example - if you ran BigBank.com, then as well as the country TLDs as above it would be important to also control BigBank.co and BigBank.cm as otherwise some less than savoury character could buy them and use them for phishing scamsas users would could confuse the domain with it being the real website. Similar problems would occur for other brands where counterfeiting is a problem, and other industries - banks are just a clear example.