By mitigate, I assume you mean a company experienced a data breach and now wants to prevent it from happening again.
The first step is to make a preliminary mitigation based on your best understanding of the breach. This will stop the crisis and create the time and attention from key people you need for the next step.
Which is the company will do a thorough root cause analysis that examines all four dimensions of the breach:
- People
- Process
- Technology
- Policy
Once it’s clear how and why the data breach happened, then the work to mitigate it can be completed.
In the case of Equifax, their root cause analysis became a public document:
https://www.gao.gov/assets/700/6…
And, the cost to mitigate has reached $1.4 billion and climbing!