The idea is that the malware could have infiltrated the system (probably) but couldn't have exfiltrated data from it.
So a data diode wouldn't stop a "stuxnet" scenairo where the malware is trying to sabotage the air-gapped. But it would prevent secret information being leaked out.
(Btw. I'm just explaining what a data diode is, and what guarantees it provides. I don't actually think that it would be useful in practice, because it feels to be too cumbersome to use it and therefore the users/IT would poke holes into the security it would provide otherwise.)
So a data diode wouldn't stop a "stuxnet" scenairo where the malware is trying to sabotage the air-gapped. But it would prevent secret information being leaked out.
(Btw. I'm just explaining what a data diode is, and what guarantees it provides. I don't actually think that it would be useful in practice, because it feels to be too cumbersome to use it and therefore the users/IT would poke holes into the security it would provide otherwise.)