The attorney-client and work product privileges are powerful tools that assist companies in honestly examining cybersecurity gaps, preparing for incidents, and responding to breaches without concern that discussions and recommendations about a company’s vulnerabilities will be subject to future litigation. Those privileges are “a way of fostering an open consideration of the issues without fear it will necessarily have ramifications,” Alexander Southwell, a partner at Gibson Dunn, told the Cybersecurity Law Report. Preserving the privilege when preparing for a breach, however, is difficult unless a company properly distinguishes legal analysis from regular operational tasks. This article, the first of a two-part article series, addresses steps companies should take to preserve privilege in pre-incident response planning and testing activities. The second part will address how to retain privilege during post-incident response efforts.