While it is now fairly common practice for organizations to have a formalized incident response plan, many organizations fail to test those plans, leaving them susceptible to unanticipated problems. Credit reporting agency Equifax learned this lesson the hard way when it was hit by a cyber attack that exposed the addresses, Social Security numbers and financial information of 143 million customers. The breach has also led to over 20 class actions filed to date, at least one AG action filed thus far (with pending investigations by other AG offices and the FTC), and the departures of the CSO, CIO and the CEO. Other companies can learn from this fallout. In this first installment of our two-part series on incident response lessons from Equifax, we hear from experts on key components of incident response planning and how to bolster those plans by learning from Equifax’s mistakes. Part two will provide expert tips on ensuring an incident response plan is efficient and effective and will address key stakeholders and their roles and responsibilities. See also our three-part guide to developing and implementing a successful cyber incident response plan: “From Data Mapping to Evaluation” (Apr. 27, 2016); “Seven Key Components” (May 11, 2016); and “Does Your Plan Work?” (May 25, 2016).