One common pattern is that a few intelligence operatives did sound the warning.... But it was ignored, something management will deal with after the bureaucratic paperwork is filed.
This is the nature of bureauacracy. A low ranking internet security techie reports the start of a suspected attack and asks permission to immediately stop it. He is not given permission. The issue will be on the agenda at the next meeting of the bureaucrat managers.
It could have been stopped when only 2 or 3 were infected. But because the bureaucracy is bureaucratic 50,000 are infected or hundreds of thousands of SSN are stolen.
This pattern happens over and over again, in terroris, in crime, in ordinary busines risk and opportunity.
Call it swamp..call it bureaurcracy.. call it business as usual.
Sometimes the senior folks don't want to hear the negative news...or potential negative news.
Which I imagine in the intelligence world there's always something about to blow up somewhere. And when it doesn't, then it becomes a case of the boy who cried wolf.