Cybersecurity has become a growing concern in the assessment management industry, with private funds being specifically targeted on a number of occasions. For example, an Australian hedge fund was forced to close after a cyber attack in September 2020 triggered by a fake Zoom invitation led to the mistaken approval of $8.7 million in fraudulent invoices. In addition, three British private equity firms were victims of an elaborate cyber attack that fraudulently induced them to wire $1.3 million, of which nearly $700,000 was never recouped. The recent rise of highly sophisticated cultural engineering attacks against fund managers has raised concerns in the industry – and prompted the SEC to issue a risk alert on the topic. A tabletop exercise can be used to test whether a response plan functions as desired and to identify gaps and other weaknesses in a firm’s cyber preparedness. The Hedge Fund Law Report and the Cybersecurity Law Report presented a seminar, entitled “Conducting an Effective Tabletop Exercise,” which delved into the appropriate development and conduct of tabletop exercises. The first article in our two-part series on the event addresses how fund managers can effectively develop tabletop exercises, including whether they should be conducted in-house or externally; who should participate; what role counsel should play; and how frequent and long they should be. The second article outlines ways advisers can successfully conduct tabletop exercises, including their content and scope; participant engagement; common errors; and follow-up. See “Six Ways For Fund Managers to Prepare for the SEC’s Focus on Cybersecurity and Resiliency” (Apr. 30, 2020); and our three-part series on how fund managers should structure their cybersecurity programs: “Background and Best Practices” (Mar. 22, 2018); “CISO Hiring, Governance Structures and the Role of the CCO” (Apr. 5, 2018); and “Stakeholder Communication, Outsourcing, Co-Sourcing and Managing Third Parties” (Apr. 12, 2018).