Online security gets a fair amount of attention, but still too little. Everyone should be using a password manager to create long passwords that are unique to each of our online accounts (not duplicated across sign-ons) and, when possible, using two-factor authentication.
Part of the reason we need to be extra careful is to make up for less-than-ideal security practices at companies. I wrote about something similar to how Apple Pay works before they announced it: a method to secure your credit card even in the event the store fails to protect its computer systems.
Since most businesses outsource the hosting of their web sites to network operations centers run by others, this is another area that must be addressed. Evaluating co-location hosts is a complex task, and companies such as Colocation Authority provide expertise in this area.
The factors in choosing a host for your servers are complex. Essentially, you want a reliable connection to the servers, either for access from your own network (almost certainly tunneled over the internet) or to host content available directly via the internet. Physical security is one important factor, but there are many others, including redundant power supply, redundant connections to the internet, sensible infrastructure within the operations center and, often, security code at the network operations center level to aid in blocking things like denial-of-service attacks.
Even for fairly large businesses, having the expertise to evaluate the best co-location options is difficult and would be expensive. Therefore, using specialized experts is wise.