An intrusion detection system may fail to detect an unknown zero-day attack, resulting in a false negative where the attack goes undetected. False negatives are worse for a network administrator than false positives because real attacks could be occurring without the administrator's awareness, compromising network security. False positives, while creating extra work, at least don't allow actual attacks to go unnoticed.