What can be done if a hacker takes over the admin account?

Security seems to be a big topic recently in the Wordpress community and I am preparing for various situations. The question is what can be done if a hacker hypothetically gets control over the admin account?