Poor or no cybersecurity training, a lack of repeatable security processes, failure to align business and cybersecurity goals, and a short-term view have all exacerbated a cybersecurity skills crisis that is widening, according to a new global study, despite a range of efforts to address it in new ways. As a result, Australian organisations are trying ways to cope better.

Fully 70% of the 343 respondents to the Information Systems Security Association (ISSA)-Enterprise Strategy Group (ESG) study—entitled “The Life and Times of Cyber Security Professionals”—said the ongoing cybersecurity skills shortage is impacting their organisation, with 91% saying that most organisations remain vulnerable to a significant attack or data breach.

Respondents blamed lack of training of non-technical employees (cited by 31%), lack of adequate cybersecurity staff (22%), and the low priority given to cybersecurity by company management (20%) as the key contributors to the ongoing flood of security breaches.

“We are not making progress, cybersecurity professionals can’t scale, and the implications of the skills shortage are becoming more pervasive and ominous,” warned report author and ESG senior principal analyst Jon Oltsik.

ISSA international board of directors member Candy Alexander was equally concerned: “While organisations have been investing in new cybersecurity technology, they are not investing enough in their people,” she said in a statement.
“We, as a profession, need to help business understand the cybersecurity skills investment versus risk trade-off.”

Some private-sector organisations are embracing new ways of addressing the issue with programs designed to help accelerate the sourcing and training of technical and nontechnical staff for cybersecurity positions.

Startup WithYouWithMe, for one, has focused on retraining Australian Defence Force veterans for cybersecurity positions and has placed 184 veterans since commencing in December 2016. The company’s Cyber Military Training Program has filled its Cyber Security Pathway with more than 50 additional veterans who, founder Jayson Christian said, “possess analytical skills and provide unique insight to solve complex problems.”

This sort of training—which provides exactly the kind of cybersecurity training to nontechnical people flagged in the ISSA-ESG report—reflects the different thinking that employers need to embrace if they have any hope of filling the cybersecurity skills gap.

“We should be open to those who may not have the depth of experience” in cybersecurity, ISACA CEO Matt Loeb recently told CSO Australia. “A lot of openings for these cybersecurity jobs are staying open for six months because the companies are looking for people with 5 years’ experience and credentials galore. There just aren’t enough of those people out there.”

For its part, CompTIA’s ANZ Channel Community recently began a six-month pilot of a mentoring program, based on Mentorloop software, that joins eager IT workers with private-sector mentors to help guide their transition into the industry.

Other organisations are taking new approaches to raising the baseline cybersecurity capability across Australia and the region.
Australian security consultancy Sense of Security, for one, this month partnered with the Department of Foreign Affairs and Trade (DFAT) to launch a Cyber Cooperation Program designed to foster better cybersecurity skills across the Asia-Pacific region.

That program, which is supported through the additional $10 million recently announced for the government’s International Cyber Engagement Strategy, will build regional cybersecurity skills and help protect Australian cyber interests, Sense of Security COO Murray Goldschmidt said.

“By sharing our knowledge of the cyber landscape and the potential threats developing countries will face when implementing their cyber strategies, we can better protect them from cyber crime,” he said in a statement. “This will be critical moving forwards, as criminals could exploit potential weak links in Australia’s Indo-Pacific partnerships to gain access to their networks.”

Recent figures from US technology industry association CompTIA delivered positive news for the IT sector, with the organisation’s CompTIA IT Industry Business Confidence Index hitting record highs this quarter on the back of the addition of an estimated 4700 new IT jobs. And Australian recruiter Hays IT pegged cybersecurity engineering positions as one of its “tech jobs predicted to explode”.

Yet growth in IT-related jobs, or even in cybersecurity-specific jobs, won’t always meet demand because there are so many skill sets falling under the same umbrella. Areas such as security analysis and investigation skills, application security skills, and cloud-computing security skills were named by 31%, 31%, and 29% of ISSA-ESG respondents, respectively, as the areas of the biggest shortfalls.

Fixing the cybersecurity skills gap will ultimately require businesses to adjust the way they perceive, measure and invest in cybersecurity training, respondents to the ISSA-ESG report advised.
This included adding goals and metrics to IT and business managers, named by 43% of respondents; documenting and formalising all cybersecurity processes (41%); investing in more training and education at all levels from nontechnical employees and IT or cybersecurity teams, up to executive management; providing the right training and mapping these skills into overall career path development; and planning for a perpetual cybersecurity skills shortage.