Can a business be “partially” prepared to ward off cyberthreats? That’s up for debate, but it seems there is little difference between “partial protection” and no protection at all.