30+ years of tech, retired from an identity intelligence company, now part-time with an insurance broker.
Dev community mod - mostly light gardening & weeding out spam :)
Static sites are likely much less at risk => none of your code to attack on the server side, however any APIs in use need careful thought on selection & access control.
Beware of supply chain attacks if your sites use client-side scripting, and especially if that script is loaded from a CMS or 3rd party: troyhunt.com/the-javascript-supply...
If hosting in AWS, leverage their monitoring and alerting tools, especially modern anomaly detection systems, and have a plan on how you will react if something bad shows up: aws.amazon.com/security/
Standard answer of course: it depends.... :)
Pragmatic suggestions follow:
Hope this helps..
Thanks! These would greatly help!