Web security should be at the top of the priority list for any website owner, whether you have a two-page site or a large ecommerce store.
At the end of the day most website owners are out to make money. If not making money directly from the website, then as a marketing tool to engage with potential customers, increase reputation and gain trust.
Having a compromised website will severely damage all the above.
The last thing you want a customer to see is this warning from Google and having your website black-listed by all the major search engines.
Not all security breaches are done using a bot-net password guessing script or by uploading malware.
Social engineering focuses on the human factors involved with information security namely the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes. In our case that would be to gain administrator access to a website or hosting account.
If you are interested in this particular area I urge you to buy this book.
Having a compromised website may even lead you into litigation if personal data has been stolen.
See the slides for my talk on Introduction to On-line Payments & PCI DSS Compliance to understand more about legal ramifications of data being stolen from your website.
If damaged trust and reputation doesn’t bring down your online business, then time and cost to clean up and restore the hacked website will.
This is why web security is so important.