Not even state-of-the-art cybersecurity measures can prevent all breaches, so it is critical for investment managers to be prepared for such events.  Managers should consider adopting a breach response plan; they should also consider purchasing insurance to mitigate their losses and response costs in the event of a breach.  Both of those approaches to mitigating the fallout from a cyber breach were recently considered in depth at a program sponsored by K&L Gates and the Investment Adviser Association (IAA).  The program – the fourth installment of the sponsors’ Investment Management Cybersecurity Seminar Series – was moderated by Mark C. Amorosi, a partner at K&L Gates, and featured Laura L. Grossman, assistant general counsel at the IAA; Jason Warmbir, a vice president at Willis Group Holdings Ltd.; and K&L Gates partners András P. Teleki and Gregory S. Wright.  This article, the first in a two-part series, explores the development and testing of a breach response plan; implementation of the plan in the event of a breach; breach notification requirements; and other post-breach actions.  The second article will discuss the availability of coverage for cyber breaches under conventional insurance policies; the availability and types of specialized cyber liability coverage; and coverage issues that may arise under such policies.  For discussions of prior installments in the series, in which Amorosi, Grossman and Teleki also participated, see “K&L Gates-IAA Panel Provides Comprehensive Overview of Cybersecurity Risk Mitigation Frameworks and Techniques for Investment Managers (Part Two of Two),” Hedge Fund Law Report, Vol. 8, No. 17 (Apr. 30, 2015); and “K&L Gates-IAA Panel Addresses Regulatory Compliance and Practical Elements of Cybersecurity Testing (Part Two of Two),” Hedge Fund Law Report, Vol. 8, No. 21 (May 28, 2015).