Are Library's naive to website attacks?

I've found myself asking this question over the last few days as I spend my days, and most of the nights, fighting an attack that crippled our websites. When I tell people about our libraries websites being attacked, almost without fail, the first response from the person is "Who would want to attack a library?" or "Why would someone attack us?" as if there is some code of ethics for hackers.

Warning, rant follows:
I would like to think our library and library partners are a microcosm of the library industry and if this is true, the answer to my questions seems to be Yes. It's become glaring evident that we can no longer continue to have this mindset that we're not a target, because we are. Often a website may not even know it has been attacked and is inadvertently spreading some dangerous virus or exploit throughout the world. Libraries often have or are attached to larger networks that bad people can use to spread their malicious software. Patron information could be appealing to hackers. We must consider looking at our software security policies and procedures and add website safeguards to protect your interests. Wake up libraries!!! There are bad people out there who want to use your websites and patrons PC's to do bad things.