Everyone these days are aware of the nefarious activities taking place on the Internet. It's not just the large sites that make the news.
I manage some medium sized sites where I track attacks by bad actors and they happen hundreds of times per day. Even if you don't conduct
transactions it's important that your site is secure otherwise it could be used to infect visitors to your site. It's important that the
server hardware your site resides on and the software it uses is up to date and up to the challenges presented by today's bad actors.
In addition to preventing bad things happening to your site and its users, a secure site will rank higher in search engines. If you conduct
business on your site you need to be using the very latest security protocols, many do not. Many of the encryption protocols used in the
recent past are being deprecatd now because of their vuneralbilities. Unfortunately too many developers and sites still utilize these
vunerable methods.
Having an SSL certificate on your site is a start, that will give you that "Secure" notice in the browser's address bar. But, that is not
nearly enough. If your site uses a database it is critical that the communications are properly coded to prevent injections by evil-doers.