I recently read an article by the Washington Post in which they had a link explaining what a hardware wallet is. The article does a fantastic job of explaining the benefits and vulnerabilities of a hardware wallet to newbies. Many newbies buy a hardware wallet not knowing how to use it, and worse still, think they're protected simply by virtue of owning one without realizing the vulnerabilities ("with great powers, come great responsibilities").
I think storing a minimal amount on an online exchange is fine, but if you are planning to hold for a while then a hardware wallet is a must buy. What makes a hardware wallet superior? Unlike an online wallet that is connected 24/7 and anyone can access it from anywhere (including a hacker), a hardware wallet only works when the physical device is connected to the computer. The most important thing to remember about a hardware wallet is to NEVER GIVE OUT YOUR SEED PHRASE.
The victims in the article purchased a hardware wallet only to lose all their bitcoins because they gave our their seed phrase to a fake iOS app. Trezor, a popular hardware wallet, does not and has no plans to develop a mobile app. My heart broke when I read that one victim lost $600,000 in bitcoins. That's an expensive lesson and I hope you don't make the same mistake.