The firemen are wasting their time responding to too many false alarms, he added.
Companies should be looking at technologies that allow them to prioritize the alerts, he added, to sort out the false positives, and the cases where an employee installed an ad toolbar on their laptop, and focus on the instances where an attacker is trying to get data out of the company.
Proofpoint is one of the companies that offers this kind of technology.
According to the survey, organizations put a median of 4.3 IT and related staff members per 1,000 employes to work dealing with the immediate aftermath of a breach, and increase that to 4.4 employees in the follow-up.
However, only 31 percent of organizations had a budget in place for data breach mitigation, and only 45 percent had data breach insurance in place.
Just over half of the organization that have a budget in place plan to increase it next year, while the rest plan to keep it the same. Only 1 percent of companies plan to decrease their breach mitigation budgets.
Sign up for CIO Asia eNewsletters.