How would you handle a data breach? You now have lots of problems to consider besides the actual breach itself. How do you keep the ICO happy? What about GDPR? How will you tell those affected? Will this impact on your future sales?
Far, far better not to be exposed in the first place. Contact LIS for a review of your setup and any specific risks and mitigation. Why not create a plan now so you have a process to follow when it all hits the fan? Why not consider improving your processes and security so the risk of a data breach is reduced or eliminated?