The best time to consider migration is after you've done everything possible to make your site secure where it is. You have a better idea than of whether your protection is sufficient.
You have various options. One possibility is a better class of hosting with your current provider. If you've chosen the cheapest plan, it doesn't just have the smallest capacity. Most likely, it has fewer protections. It's not as high a priority for the support desk. Upgrading to a higher-level plan could give you better performance and better security at the same time.
A virtual private server (VPS) gives your site better isolation, and you have full control over it. If you want a highly secure site and have the resources to manage it,
affordable VPS hosting may be the way to go. You can install anti-malware software and a Quttera WAF for the greatest protection.
Keep in mind that a VPS means more responsibility; you have to take care of everything, including things that a shared hosting provider would do for you. But it doesn't put any limits on the security measures you can install.
Pay attention to your hosting quality, but don't blame it for your problems until you've ruled out issues with your site. As long as your hosting provider doesn't put excessive limits on what you can do, you can protect it with
ThreatSign Website Security. If you decide to move to another host later, ThreatSign Security can move with you. You'll be protected wherever you go.