SYDNEY, June 25 (Reuters) - Australian companies have

sharply reduced the time it takes to recover from cyberattacks,

a sign of improved preparedness amid heightened regulatory

pressure following high-profile breaches at Optus and Medibank.

Businesses in Australia and New Zealand now take 28 days on

average to recover from an incident, down from 45 days a year

earlier, according to a survey of 408 IT executives that was

shared exclusively with Reuters. That still trails the global

average of 24 days.

"I do put that down to the fact that organisations and

enterprises are getting more aware," said Martin Creighan,

Asia-Pacific vice president at U.S. data protection firm

Commvault ( CVLT ), which commissioned the survey.

"I also put it down to the fact that the regulators are

being more stringent and more strict on what their requirements

are," he added in an interview.

Australia introduced mandatory breach disclosures and

cybersecurity compliance reporting after 2022 attacks on Optus,

owned by Singapore Telecommunications, and Medibank

exposed millions of customer records.

The country's cybercrime agency reported the average

self-reported cost of cybercrime per business fell 8%, including

an 11% drop for large firms, in the year to June 2024.

Despite improved recovery times, fewer than a third of firms

could respond effectively to an attack, and 12% had no formal

response plan, showed the survey by Commvault ( CVLT ) which counts some

of Australia's biggest banks and government departments as

clients.

Over half lacked full visibility of where data was stored or

how systems were connected, the survey found.

Creighan said cybersecurity was no longer confined to

company tech departments and he had seen a rise in requests to

brief boards on cyber resilience "because they're worried about

the regulation landscape".