This article says it perfectly, and a lot of security specialists agree that it's when - not if - you get affected in some way by a breach, whether it's your customer's clients' details being stolen or your own.

We've touched upon the security of outsourced payment models, and the lengths they go to in order to protect customers' data and assist in PCI DSS compliance. A big part of the solution is to outsource any data that isn't imperative to your business. But in reality, you can tick as many boxes as you like, be it PCI DSS, COBIT, HIPAA or many others - if your environment isn't secure, the ramifications will still be the same when you get breached.

Depending on your business, there will be payment solutions that can reduce your risk - such as P2PE for businesses accepting face-to-face payments, or hosted re-direct payment models for websites. For eCommerce businesses, a hosted re-direct payment page or secure iframe is proving not to be enough to deter hackers. Your #1 priority should be a secure website, and there are solutions available to you, such as a Web Application Firewall, File Integrity Monitoring and more. Such technologies significantly reduce business risk and do not require advanced security skills to manage.

Adding those extra layers of security to your website could be the difference between happy and safe customers and a potential data disaster.