Incident response plans are a necessary weapon in a company’s arsenal to combat cybercrime. Luke Dembosky, co‑chair of Debevoise & Plimpton’s cybersecurity and data privacy practice and a former cybercrimes prosecutor for the DOJ, spoke with the Cybersecurity Law Report about surmounting the challenges of developing and implementing an effective plan, with a focus on the heavily regulated financial services industry. He addressed, among other things, strategies for ensuring that the plan is properly tailored to the entity, yet dynamic enough to respond to evolving threats. See “Lessons From the Equifax Breach on How to Bolster Incident Response Planning (Part One of Two)” (Sep. 27, 2017); Part Two (Oct. 11, 2017).