Relatively speaking, your security is:
- Higher if you hold little or no financial information, or have few network resources,
- Higher if your server is vigorously patched and correctly configured,
- Higher if your code is built to high standards and
- Higher if the network connecting your site to the Internet has tight permissions.
You can employ formal measurement metrics, like this one from ISACA: http://www.isaca.org/Journal/archives/2011/Volume-4/Pages/Measure-and-Monitor-Application-Security.aspx
Or you can employ an “alternative” methodology like this one from White Hat Security: https://www.whitehatsec.com/blog/if-you-want-to-improve-something-measure-it/