Incident response plans are a necessary weapon in a fund manager’s arsenal to combat cybercrime. The plan should be developed and maintained by a cross-functional group, with input from experienced outside counsel. Managers should ensure that the plans are tailored and dynamic enough to respond to the uncertainty of threats. To help readers establish effective incident response plans, the Hedge Fund Law Report recently interviewed Luke Dembosky, co‑chair of Debevoise & Plimpton’s cybersecurity and data privacy practice and a former long-time cyber crimes prosecutor for the DOJ. This article presents his insights. See our three-part series on how fund managers should structure their cybersecurity programs: “Background and Best Practices” (Mar. 22, 2018); “CISO Hiring, Governance Structures and the Role of the CCO” (Apr. 5, 2018); and “Stakeholder Communication, Outsourcing, Co-Sourcing and Managing Third Parties” (Apr. 12, 2018). To further explore how fund managers can prepare themselves for cyber incidents, on Tuesday, July 30, 2019, at 1:00 p.m. ET, the Hedge Fund Law Report and its sister product the Cybersecurity Law Report will host a complimentary webinar entitled “Conducting an Effective Tabletop Exercise.” The program will be moderated by Shaw Horton, Associate Editor of the Hedge Fund Law Report, and will feature Dembosky, John “Four” Flynn, chief information security officer at Uber, and Jill Abitbol, Senior Editor of the Cybersecurity Law Report. To register for the webinar, click here.