For most businesses, website security is “just set it and forget it”. In today’s world, this tends tobe a mistake.
Most attacks on small businesses are mass attacks. Just probe a million sites, see which ofthem are weak and hack them. It is possible to detect the initial probe and react quickly to stop the attacks.