Cyber Security is just one aspect of your web service security.

... and probably NOT the most important!

Security of your service is obviously very important.  Depending on what you manage or retain via your web service, you may have various legal, duties of care to concern yourself with.  So this subject must be taken seriously - but cyber security is only ONE of those risks.

When you consider the risks that may impact on security, don't be blinded by "cyber-risk" - the term that is generally used to categorise the risks associated with electronic access to sensitive data.

There are some fairly obvious security concerns to address first.

Human Engineering

Most theft of sensitive electronic information is generally accepted to be by obtaining user name / password combinations by ... simply asking for them.  It is estimated that people will hand over an access account on 1 in 10 requests.  You probably already know that people in your organisation share access account details.  The key is to be able to trace who-did-what-when-from-where.  And then include clear requirements in the terms and conditions

Physical Security

Your data can be stolen - physically.  Are you aware?  Copies, back up tapes, off-site storage discs, USB sticks and even the servers themselves.  Make sure you know where physical copies of your system / data are, who has access and, ideally, that they are encrypted.

Ownership

Do you even own your own data?  There's a chance you don't.  If your data is held in a shared platform, you may find that using the tools includes a signing over of copyright, or third party usage.  If you don't own the information you can at least stop worrying about it being stolen!

Disaster Recovery

If it can happen ... it will!  With this in mind, make sure you have some method of restoring your service - this includes back-ups, hardware support and telecoms alternatives.