Failure to pinpoint cause of breaches leaves many organizations wide open to further attacks. Resource shortages, firefight pressure, planning issues, and lack of post-incident follow-up to blame.