Well, for me there is. As an actual cybersecurity professional I feel bound to not create extra work unless it is for some clear and valuable purpose. Coordinating with the company expends minimal effort and can save them a lot of effort. That is just the right thing to do. It is mostly the wrong, already overworked, people's time getting wasted anyhow if you do trigger an incident or investigation.
I agree with everything you wrote except this sentence. There is no ethical obligation not to waste a company's time.