It;s about reducing business risk- loss of reputation, loss of customers, maybe loss of your complete business.

The weak link is often your own people. Hackers go for the easy hanging fruit and that is usually carelessness. Typical ransom threats cost £5,000 i.e. pay-up now or we crash your complete system. And if you don't they will.

It's such a well organised business that they have Support to help you pay! 

In addition to protecting your business there is the General Data Protection Regulation (GDPR) coming into full effect in May next year, we will see a significant change to the regulatory landscape. From 2018, disclosure of a data breach will become mandatory and fines may stretch to 4% of revenue, posing significant cause for organisations to reconsider their security measures. 

Don't think that BREXIT will protect you. If you have EU citizens working for you than your are bound by it. If you trade with the EU; it is part of UK law anyway.

For practical background reading look at Infosec Horizons.

It does not £000's to mitigate risk- important if you are an SME. For just £300 you can take a Cyber Essentials self-certification  which includes a Cyber Security expert checking your answers and advising if more needs to be done.   

Have a look at DAS Cyber Security- help for wide range of organisations from small to large enterprise & public sector.