An incident response plan is a critical component of a cybersecurity program. A tabletop exercise can be used to test whether a response plan functions as desired and to identify gaps and other weaknesses in a firm’s cyber preparedness. Those topics were covered in a seminar co-hosted by the Private Equity Law Report’s sister services – the Hedge Fund Law Report and the Cybersecurity Law Report – which delved into the appropriate development and conduct of tabletop exercises. The panel featured Luke Dembosky, partner at Debevoise & Plimpton and former DOJ prosecutor; John “Four” Flynn, chief information security officer of Uber; and Jill Abitbol, Senior Editor of the Cybersecurity Law Report. This first article in a two-part series addresses how fund managers can effectively develop tabletop exercises, including whether they should be conducted in-house or externally; who should participate; what role counsel should play; and how frequent and long they should be. The second article will outline ways advisers can successfully conduct tabletop exercises, including their content and scope; participant engagement; common errors; and follow-up efforts. See “How Fund Managers Can Prepare for the Latest SEC Cyber Sweeps” (Jul. 16, 2019).