Every project launching a token should have a documented, rehearsed incident response plan before TGE. At minimum it should cover: a war room protocol (who is on call and how they are contacted), a decision tree for pausing contracts, a communication plan for public disclosure, and pre-authorized actions for the multisig signers.
Speed matters more than perfection. The projects that limit exploit damage are the ones that can execute a pause within minutes, not hours. Run a tabletop exercise with your team before launch — simulate an exploit, walk through the response, and identify gaps. If your team has never practiced the response, the first real incident will go badly.
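One way to make the "pre-authorized actions" and the minutes-not-hours pause concrete in the contracts themselves is to split the emergency path from the recovery path: any single on-call guardian can pause in one transaction, while unpausing and role changes require the full multisig. The contract below is an added example written for this page, not code from the original article or from any project it describes; the `multisig` and `guardians` addresses are assumed deployment parameters, and the deposit/withdraw functions are a stand-in for whatever value-moving logic a real token contract gates behind the pause.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added example: emergency-pause pattern with an asymmetric authority model.
/// Pause  -> fast path, any single pre-authorized guardian (or the multisig).
/// Unpause -> slow path, only the multisig, once the incident is understood.
contract EmergencyPausable {
    address public immutable multisig;          // assumed: the project's governance multisig
    mapping(address => bool) public isGuardian; // on-call responders pre-authorized to pause
    bool public paused;
    uint256 public pausedAt;

    event Paused(address indexed by, uint256 at);
    event Unpaused(address indexed by, uint256 at);
    event GuardianSet(address indexed guardian, bool enabled);

    error NotMultisig();
    error NotGuardian();
    error IsPaused();
    error NotPaused();

    modifier onlyMultisig() {
        if (msg.sender != multisig) revert NotMultisig();
        _;
    }

    modifier whenNotPaused() {
        if (paused) revert IsPaused();
        _;
    }

    constructor(address _multisig, address[] memory guardians) {
        multisig = _multisig;
        for (uint256 i = 0; i < guardians.length; i++) {
            isGuardian[guardians[i]] = true;
            emit GuardianSet(guardians[i], true);
        }
    }

    /// Fast path: one guardian, one transaction, no quorum to collect.
    /// This is the action the war-room protocol pre-authorizes before launch.
    function pause() external {
        if (!isGuardian[msg.sender] && msg.sender != multisig) revert NotGuardian();
        if (paused) revert IsPaused();
        paused = true;
        pausedAt = block.timestamp;
        emit Paused(msg.sender, block.timestamp);
    }

    /// Slow path: resuming requires the multisig quorum, so a compromised
    /// guardian key can halt the system but cannot re-open it.
    function unpause() external onlyMultisig {
        if (!paused) revert NotPaused();
        paused = false;
        emit Unpaused(msg.sender, block.timestamp);
    }

    /// Guardian roster changes are also multisig-only.
    function setGuardian(address guardian, bool enabled) external onlyMultisig {
        isGuardian[guardian] = enabled;
        emit GuardianSet(guardian, enabled);
    }

    // Stand-in for value-moving logic that the pause must stop.
    mapping(address => uint256) public balances;

    function deposit() external payable whenNotPaused {
        balances[msg.sender] += msg.value;
    }

    function withdraw(uint256 amount) external whenNotPaused {
        uint256 bal = balances[msg.sender];
        require(bal >= amount, "insufficient balance");
        balances[msg.sender] = bal - amount;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

The asymmetry is the point: the cost of a false-positive pause is downtime, while the cost of a slow pause during a live exploit is drained funds, so the pause path should have the fewest possible signers and the unpause path the most. A tabletop exercise against this contract should confirm that each guardian has a funded hot key available at the moment the war room is called and that the `Paused` event is wired into the team's alerting, so that the pause is visible to the communications lead as soon as it lands.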