Slowing the attacker down
Accepting the underlying assumptions of military defense in depth in cybersecurity requires an understanding of what happens after the perimeter is breached and then taking control of the situation.
Ideally, defense-in-depth strategy deals with threats as far away from critical information assets as possible. If a firewall or gateway at the perimeter is the only defense, then breaching or bypassing the perimeter means that the entire network is compromised. Additional layers of cybersecurity defenses can be added so that, just like in military defense in depth, the attacker is directed into portions of the network that will slow them down and waste their time and resources, while the defender gets to watch and see what the attacker is after, what offensive capabilities they possess, what vulnerabilities they seek and which exploits they attempt to use.
A honeypot is one step in