Cyber mitigation refers to policies and processes that a company enforces to prevent security incidents and data breaches in addition to limiting the extent of damage when security attacks occur. Partial mitigation is when this process is not completed and implemented after a security breach, typically due to a lack of information, which leaves the company vulnerable to the same threat in the future. There are three main aspects of cyber mitigation: prevention, identification and remedy/response.

When any of those steps are not fully completed it is considered partial mitigation. The goal of mitigation is to prevent security breaches and to limit the damage after a breach, so when the mitigation is only partially completed, the company is not completely protected to the best of its ability.