Well, yes and no. There's network security and application security.
With network security, which is the encryption used in SSL certificates (if your website is set up that way), the communication between the web server where your website lives and the browser of the website visitor is encrypted. This is tough encryption and is nearly impossible to crack. So that communication and information shown on those web pages of your website is secure.
Then there's application security. There's no secure software. Software on your computer isn't totally secure, which is why there are updates and patches that come out. Your computer is connected to the Internet, so it could be compromised - even if there's a firewall because a firewall is software, too, which could have flaws. Now, think about computers that are even more open to the Internet and are connected 100% of the time - these are web servers. If hackers are trying to get into your computer, how much more do you think they are trying to get into web servers, which are much more open in certain ways?
The software ("scripts" we call them) running on your website need to be updated. Vulnerabilities and holes are found all the time. This is one reason why you want to use software that's used by many people and has support. Lots of Open Source software falls into this category and can arguably be more secure than software that isn't Open Source (think Microsoft products) because there are more developers and more people developing and testing it. This means that website software has to be updated continuously. Patches come out all the time. If software (PHP scripts, etc.) is not updated, it'll get old and could be full of holes. When a website is in that state, it's really just a matter of time before it will get hacked into.
There is a cost of ownership with a website. These updates and patches have to be installed. If your website has custom features, then applying these patches and updates will require more care so that these custom features do not break. There is then more testing involved as well. As a website owner, you are ultimately responsible for keeping your website software up to date. Sure, you can outsource this work to a company like Webstix, which is what we're here for - but you have to assign us to do this work, so it's still on you.
Webstix has a system called Maintenance Blocks where you can pre-pay our time and get discounts when you do it in bulk. Plan on using at least 12-24 Maintenance Blocks (6-12 hours) per year if your website has any kind of scripting on it (a CMS, blog, shopping cart, etc.).