run by small/new companies.
A new company doesn't always equate to being a small one.
The small players have limited resources. How do they ensure they are sufficiently protected?
Some of the above users have already answered that part, but there are also a few
[small Russian exchanges] that do little to nothing on that front
[most of them use similar templates as well].
Why don't there be hacks every other day?
Assuming you're talking about the normal exchanges in that part, then while hackers try to exploit loopholes in a system, on the other end, there are people that work hard to make sure everything is hack-proof
[it's like a race].
In regards to the first part of the subject field, let me know what do you think after you've read the following two links: