Mitigation goes beyond "stopping the bleeding" — what two additional aims does it add?
Maintaining business operations and understanding the attacker's goal (root cause), not just applying technical fixes.
Once the immediate bleeding is stopped, mitigation properly contains the threat and minimises damage — but it is not purely technical. It also covers keeping the business running (Aufrechterhaltung des Geschäftsbetriebs) and understanding the attacker's objective and root cause so you can gather information and react in the best possible way. A favourite analogy borrows hockey star Wayne Gretzky — "Skate to where the puck is going to be, not where it has been" — meaning anticipate the attacker's next move rather than only reacting to the last one.