One of the primary factors for security breaches is what IDC calls the hapless user. Hapless users are a threat because they allow their credentials or trusted access to be misused by cyber attackers. Importantly, hapless users are entirely unintentional in the loss and destruction they cause. Why are hapless users so much of a threat? Because organizations do not think about these threats in this way. Rather than considering the root cause of hapless user activity, they are focusing on the resulting threats themselves. This means that they are looking in the wrong places to detect attacks and avoid breaches caused by hapless users.