Keeping your company data safe and secure is not an easy task. There are known threats that have well-established standard counter measures, and there are unknown threats, for which we can only prepare in a general way.
It is apparent that unknown threats are uncertain by their nature; we have no clue what they are and how often they can appear. More than that, we cannot predict what will be the damage.
On the map below, you can find a map addressing a number of threats from a security perspective. They form a pipeline meaning that once identified they get more mature (both in terms of hackers sophistication and known counter measures).
In this way, you can easily identify the most critical components - they are those that protect you from most threats. However, implementing all of the security measures will make you only as safe as the industry is. You will not be less vulnerable than your competition.
If you want to be that secure, you need to look at each threat (as on the map below) and identify what is a given exploit constraint. It may be time, it may be computing power or something completely else.
Once you know that, you can design a protective measure that will require substantial use of that component. Think of adding 60 seconds delay after a password is incorrectly typed 3 times - it annoys a few users, but effectively kills most brute force algorithms.
In that way, you can be better than the industry; attacking you will be just economically unreasonable.