Crises and disasters are unavoidable; especially, from the perspective of information security professionals, whose adage is to "assume you've already been hacked." It would be naïve to assume that any network was impervious to adversarial campaigns. The difference between a cybersecurity novice and a leader isn't whether they can infallibly prevent incidents; rather, the distinction lies in how they respond to crises, mitigate impacts, remediate compromises, and incorporate lessons into their risk assessment, policies, and response plans.
An organization's personnel can be the strongest or weakest element of any security strategy. In times of national crisis, such as the COVID-19 pandemic, tensions can run high, and conventionally manageable stresses can accumulate and degrade focus, performance, and mental bandwidth.