The last thing you want to be doing when a breach hits is negotiating contracts to get help. You can do this in advance.
Ask your CISO/CIO who your IR responder is, and if you have a contract in place already. You may have one available through your insurance – but do you know how you contact them? Who else should be on your IR team?