I do not recommend disabling it completely but he can ask the host to disable it per rule ID.
Depending on the kind of rules the provider has, ModSecurity can help block spam, hack attempt, brute force, injection, etc… it can also help with your bandwidth and lessen the web server load for useless traffic.