The small players have limited resources. How do they ensure they are sufficiently protected?
This provides a variety of answers, users will have reference to security advice in various sources and consideration of their own capabilities or resources (
as you said).
Why don't there be hacks every other day?
We probably won't read wallet service hacking news every day, it's a big effort for a hacker. And I've read that hackers would prefer to hack servers over clients for custodial services.
We think it's pretty safe from external threats, but that doesn't mean we can be safe from internal threats, because the service itself can turn around to threaten you at any time. Almost every day you can find how customers of CEXs are having problems such as, deposits and withdrawals not being processed, account closing without valid reasons, etc.