Even with HTTPS (delivered via an SSL certificate), your company is just protecting your customers' personal data from being stolen while they are using your site.
This does not protect your website from cyber threats, or emerging cyber threats (threats that have not been seen before are in this category).
With website security, you are protecting your website from dangers like Distributed Denial of Service (DDoS) attacks, spoofed websites (where a hacked copy of your website is running and accepting payments, or stealing your customer's personal information), etc.
These are all damages to your brand that can be a disaster, especially if your prospects or customers are not familiar with your brand, or company. This will create distrust, and they will go to your competitors instead.