But how? I don't know how complex networks are managed but I'd assume it would run more or less the way it did previously, only slower.
You're exactly right. DDoS results in maybe staff not being able to email briefly, just annoying crap... Even that can be avoided with planning.
It doesn't imply any further breaching. Maybe a trigger for systems audit - possibly a good thing in an ironic way.
What triggers further inspection in my (PCI-DSS) infra is not DDoS... No, it's traffic from TOR endpoints that registers any blip on the routers.
I've no issue with TOR. It has my best wishes. I will say though, our systems see not 1 byte of TOR traffic that's in any way a "legitimate visitor".