This policy brief discusses key digital security policy issues that have emerged during the COVID-19 crisis, based on input shared by delegations to the OECD Working Party on Security in the Digital Economy (SDE) during the initial peak of the crisis. It distils lessons for organisations and policy makers, highlighting the urgent need for 1) ongoing efforts by public and private organisations to manage digital security risk during crises with flexible and agile processes; 2) significant efforts to strengthen digital security in the health care sector and for small businesses; and 3) nurturing a multi-stakeholder digital security ecosystem on an ongoing basis to enable information sharing in exceptional circumstances. This note should be read in conjunction with the policy brief on dealing with digital security risk during the COVID-19 crisis, published in April 2020, which focused on how threat actors had adapted to the crisis, the responses of governments, and recommendations for governments and the public at large.