What does the term "mitigation" mean in risk management?

Mitigation in risk management refers to the proactive measures taken to reduce either the impact or the likelihood of potential risks. This involves implementing strategies or actions that aim to lessen the severity of negative outcomes if a risk materializes, as well as decreasing the probability that risks will occur in the first place. Effective mitigation can include a range of activities, such as developing policies, instituting controls, conducting training, or utilizing technology to manage risk.

In the context of risk management, simply transferring risks to third parties, ignoring risks altogether, or accepting all risks without a plan could expose an organization to significant vulnerabilities. While options that involve transferring or accepting risks may be part of an overall risk management strategy, they do not fit the broader definition of mitigation, which focuses on active measures to reduce risks rather than shifting responsibility or ignoring them.