The vast majority of companies are more exposed to cyberattacks than they have to be. To close the gaps in their security, CEOs can take a cue from the US military. Once a vulnerable IT colossus, it is becoming an adroit operator of well-defended networks. One key lesson of the military’s experience is that while technical upgrades are important, minimizing human error is even more crucial. Mistakes by network administrators and users — failures to patch vulnerabilities in legacy systems, misconfigured settings, violations of standard procedures — open the door to the overwhelming majority of successful attacks.