A root cause analysis is intended to find the underlying cause for a security incident/breach. This approach will ensure that money and time invested in addressing a shortfall, is truly addressing the problem and not just a bandage, which only hides the problem temporarily.
Root cause analysis create scalable solutions that ensure that the fix scales up. A great example is the problem of missing patches. Applying the patches will result in new patches also not being applied. The patch management process needs to be fixed, to ensure patches are applied in a timely fashion.
Conducting a root cause analysis will help to save costs in the long-run. The extra time invested in identifying the solution to a root cause will avoid repeated exercises to address the same situation over and over again.
Root cause analysis will help to mitigate risks long-term. Going back to the patch example: Applying a missing patch, without having a working patch management process, will result in a short-term increase in security posture but not long-term. Risks are not mitigated consistently and reliably.
