More and more DDoS attacks are happening every month.
The domains and companies that get targeted are just as often small family businesses as large financial institutions.
1st. If you are choosing a shared host, one of the most important things to look for is CloudLinux.
CloudLinux won't help you much if your site is under attack, but it will limit other sites on your server, who are under attack, from affecting you.
Remember you are 1 of 500+ sites, so any of the 500 other sites being attacked, without CloudLinux, will also affect you.
2nd, LiteSpeed WebServer will arrest a small DDoS alone. As it's thread based rather than process based, it's easier for the server to spot and block/ignore malicious IPs.
So this will really help if you or any other site is under attack.
LiteSpeed is uses less CPU and memory to perform the same tasks, so is affected less by DDoS activities.
3rd, some kind of DDoS Protection, hardware or Software.
4th, a WAF to stop anything getting through the IP stack from running any code.