I don’t think that the cybersecurity team did anything wrong. If they can be exploited that way then it is a measurable risk.