Have you ever looked through the log files for your website? You would be surprised at the number of hacking attempts. Even if they are unsuccessful, the sheer volume means that any weaknesses in your code or your server setup will eventually yield results for the attacker.
Many will fondly remember the days when Hackers were juvenile delinquents, sitting in their bedrooms all night drinking Pepsi Max and trying to access the FBI website, or Microsoft or some other big target, and any success would earn them little more than kudos from their peers (and maybe a short stay in a Young Offenders Institution!). Perhaps that's why many website owners don't take security seriously: they still think they're unlikely to be targeted because they're too insignificant.
It's true, the majority of hacking attempts are now undertaken by Criminal Organisations and in some cases may even be State Sponsored. No target is too small. If there is sensitive data (particularly Credit Card information) passing through your website, you need to protect yourself. Many hacks are not even obvious; they can be incredibly sophisticated and may occur over months and even years. The rewards for the hackers can be high and the risks very low, particularly where the crime occurs in another country.
This comes as a surprise to many website owners. They assume the Hosting company, the Web Development company, the Merchant Bank, somebody else is responsible. They're not; YOU are.
So, how do you guarantee your site can't be hacked? Well, the short answer is, you can't.
What you can do, however, is minimise the risk. For a start, don't keep anything you don't need on the server, and especially don't process Credit Card data yourself (for which you need to be PCI Compliant) - pass this risk on to a third party, e.g. a Payment Gateway. Keep everything else locked down with access only provided to those who really need it (restricted by IP address). Above all, don't assume Security of your website is the responsibility of your hosting provider. Hosting companies provide storage and bandwidth and a few related services; they don't provide security other than physical security (keeping the building secure and connected to the Internet).
Did you ask them to? Is it part of the Website Development contract?
The truth is, Security was probably the last thing on your mind when you commissioned the website, and, because most Web Developers know that Clients base their decision to award a contract primarily on cost, security isn't even part of the debate. Because security is something that tends to happen 'behind the scenes', many web developers are not even aware of the problems poor coding and vulnerable server setups are likely to cause their clients. However, choosing a developer who understands security will also ensure your website outperforms badly coded websites in terms of speed, scalability, reliability and on search engine results.
Hire a Development Company that is experienced enough to code the site properly in the first place, one that has a thorough 'penetration testing' regime and that uses a reputable Hosting company and a server with an additional Hardware firewall that restricts access to their server. You guessed it, at UKdynamo Limited we understand that security is important and we code defensively to protect against SQL injection, Parameter tampering, Cross Site Scripting (XSS) and numerous other attacks. Access to the server is severely restricted to those that really need it through IP permissions on the firewall. We also take numerous other precautions that I won't list here, for Security reasons!