Hacker News

Building off your analogy, you don't order mandatory evacuations every time you see a tropical depression form out in the Atlantic. It's only when the tropical depression actually turns into a hurricane and is on a collision course that you warn the public.

Data breaches are the same. If you put out a press release every time your infosec team discovered an attack, you'd be putting out releases every single day, multiple times a day, even though most of those breaches would turn out to be inconsequential after investigation. The public would become totally desensitized to them. That's why the investigation has to be done to determine if there actually is something to notify the public about.

Now, there's surely a point in the investigation where you "know" that the public needs to be notified, but you aren't completely done with the investigation yet. It would probably be in the public interest to notify then rather than waiting, but I think companies are scared to do this because many companies in the past have been lambasted by the public for doing just that. Apparently people don't like it when you release a statement saying "we had a major breach and some customers are affected but we don't know who yet", so it seems that companies are opting to get all the facts before saying anything.



You seem to be saying that, of the two analogies, mine is closer to actual practice.



