HTTPS is often associated with security, and a "secure web", but on its own it does not protect your site against thousands of potential vulnerabilities or exploits.
When a user's web browser connects to your website over HTTPS, the connection from your webpage to the user is encrypted, meaning that any data exchanged is not readable by others without an encryption key. Without encryption, hackers can read the data being exchanged and use it for their own purposes.
SSL certificates themselves can be vulnerable and exploited. CyberScanner includes an SSL checker and installation validator.
Outside of this, there are thousands of ways hackers can exploit your website and access customer data - even if the data is stored on servers elsewhere.