
Can HKEx withstand future attacks?

The suspension policies and internet security measures of Hong Kong Exchanges and Clearing (HKEx) are under the spotlight after a wave of cyber attacks that crashed the exchange's regulatory disclosure website last week.

Police found that overseas hackers orchestrated the attacks that began on Wednesday to block investor access to a website hosting corporate announcements.

The attacks came in the form of a so-called distributed denial-of-service attack. Such attacks aim to prevent access to a website by overwhelming its capacity to handle website traffic.

The website's crash forced the suspension in trading of seven companies with a combined market value of HK$1.5 trillion. They include HSBC, Cathay Pacific Airways and HKEx itself. Trading was also halted on a debt security and 419 warrants and derivatives linked to the suspended stocks.

Trading in the stocks was suspended because the companies had tried to make price-sensitive announcements during the lunchtime trading break, and investors might not have seen them because of the website's crash.

HKEXnews.hk, which was under attack, is the HKEx's sole official site for all regulatory filings and disclosure announcements by the city's 1,463 listed firms. The site also carries announcements for 5,712 other securities, including warrants, derivatives and bonds.

Trading in the stocks resumed after HKEx set up a backup site on Wednesday afternoon.

The suspension sparked a heated debate on HKEx suspension policies. Critics said the exchange overreacted because investors could still access the information on the websites of the individual companies concerned.

Listed companies are required to maintain their own website, on which they post mandatory announcements at the same time as they file them with the stock exchange.

Kenny Lee Yiu-sun, chief executive of local brokerage First China Securities, said: 'Many retail investors were not happy with the suspension because they couldn't trade the stocks.'

However, the government and the Securities and Futures Commission support the exchange's decision to suspend trading. Secretary for Financial Services and the Treasury Chan Ka-keung said: 'The suspension helped to ensure a fair market and protect small investors who rely on the HKEx website for company news.'

Although the attacks continued on Thursday and Friday, the HKEx said the new software it had installed had fended off the attacks.

'The hackers only jammed the website traffic and stopped people from accessing it. That actually is not so scary,' said Christopher Cheung Wah-fung, chairman of Christfund Securities.

Bill Chow Tang-bill, HKEx chief technology officer, said the unidentified hackers used a combination of techniques to disrupt the regulatory disclosure website. He did not elaborate on what these techniques were.

Police said the hackers apparently used hundreds of personal computers outside Hong Kong, including machines on the mainland and across Asia, in so-called distributed denial-of-service (DDoS) attacks. While no arrests have been made, police said they would seek help abroad to investigate the case if necessary.

The authorities have yet to determine the motive, as no trading information was apparently taken. There was also no attempt to blackmail the exchange.

After the attacks, the HKEx said it would add new channels for corporate announcements. It said it would use newspaper advertisements, send e-mails and publish corporate financial results and other announcements on third-party websites.

HKEx chief executive Charles Li Xiaojia said expanding the sources of information would mean that HKEx would no longer need to suspend trading in stocks in the event that its website is disrupted again.

'It is true that most retail investors only read company news from the HKEx website,' Christfund's Cheung said. 'Until the HKEx establishes a culture in which investors use other channels to read company news, it should suspend shares from trading if the website crashes.'

Chim Pui-chung, legislator for the financial services sector, suggested that the HKEx consider having companies not post any announcements during market trading, including lunch breaks. 'If companies announced results after the market closes, then we would not need share suspensions,' Chim said.

The HKEx stressed that there had been no attacks on its trading system, which is separate and only accessible by brokers.

While the debate on the suspension policy continues, all the parties concerned agree the cyber attacks served as a wake-up call for the HKEx to strengthen online security.

However, an internet security expert said the HKEx needs to make some clarifications. Michael Gazeley, co-founder and managing director of Network Box, a Hong Kong-based security services provider, said media coverage on the attacks had been 'fairly confusing'.

'Sometimes the attacks are described as hacking attacks, other times they are described as distributed denial-of-service attacks,' Gazeley said. 'The two kinds of attack are quite different in nature, and usually have very different goals.'

Gazeley of Network Box said a DDoS attack used a large number of internet-connected computers to bombard a target website with an overwhelming number of 'requests', thus blocking access to legitimate users.

When people type a website's address on their internet browser, they are sending a request to that site's computer server to view the page. The server can only process a certain number of requests at once. So if an attacker overloads the server with requests, it cannot process those requests.

The computers used in the attacks were typically part of a 'botnet': a network of personal computers remotely controlled by hackers and criminal organisations, known as 'bot-herders', to perform targeted denial-of-service attacks, spread viruses and mass-mailing worms, send spam or run phishing scams.
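The mechanism described in the preceding paragraphs (a server that can only handle a fixed number of requests at once, flooded from many sources so that ordinary visitors are crowded out) can be made concrete with a small simulation. The following is an added example and not code from the article or from HKEx; the server capacity, number of attacking sources and number of legitimate visitors are constructed values chosen to make the effect visible. It also shows why the "distributed" part matters for defenders: a per-source rate limit at the network edge is enough against a flood from a handful of machines, but once the flood comes from hundreds of sources, each one stays under the limit and the limit alone no longer protects legitimate users.

```python
"""Toy model of request flooding against a server with fixed capacity.

All figures below are constructed for illustration; they are not measurements
from the HKEx incident.
"""
import random
from collections import Counter, defaultdict


def build_traffic(n_bots, requests_per_bot, n_users, seed=1):
    """Constructed traffic for one time window.

    Each of n_bots sources sends requests_per_bot requests and each of n_users
    sends a single request. Arrival order is shuffled with a fixed seed so that
    every run is repeatable.
    """
    traffic = [(f"bot-{b}", "bot")
               for b in range(n_bots) for _ in range(requests_per_bot)]
    traffic += [(f"user-{u}", "legit") for u in range(n_users)]
    random.Random(seed).shuffle(traffic)
    return traffic


def serve_window(traffic, capacity, per_source_limit=None):
    """Process one window of (source, kind) requests.

    The server accepts at most `capacity` requests per window; once that is
    exhausted every later request is dropped, whoever sent it. If
    per_source_limit is set, an edge filter rejects any request beyond that
    many from the same source before it reaches the server, so rejected
    requests do not consume server capacity.

    Returns (Counter of served requests by kind, number of dropped requests).
    """
    seen_per_source = defaultdict(int)
    served = Counter()
    accepted = 0
    dropped = 0
    for source, kind in traffic:
        if per_source_limit is not None:
            seen_per_source[source] += 1
            if seen_per_source[source] > per_source_limit:
                dropped += 1          # rate-limited at the edge
                continue
        if accepted >= capacity:
            dropped += 1              # server queue full
            continue
        accepted += 1
        served[kind] += 1
    return served, dropped


def legit_service_rate(n_bots, requests_per_bot, n_users, capacity,
                       per_source_limit=None):
    """Fraction of legitimate visitors whose request was served."""
    traffic = build_traffic(n_bots, requests_per_bot, n_users)
    served, _ = serve_window(traffic, capacity, per_source_limit)
    return served["legit"] / n_users


if __name__ == "__main__":
    CAPACITY = 100   # requests the server can handle per window (constructed)
    USERS = 30       # legitimate visitors in the window (constructed)
    # No attack: every visitor is served.
    print("no attack:", legit_service_rate(0, 0, USERS, CAPACITY))
    # Flood from 20 sources with no limiting: the flood exhausts capacity.
    print("20 sources, no limit:", legit_service_rate(20, 50, USERS, CAPACITY))
    # Same flood with a per-source limit of 2: 20*2 + 30 <= 100, all served.
    print("20 sources, limit 2:", legit_service_rate(20, 50, USERS, CAPACITY, 2))
    # 500 sources, limit 2: 500*2 already exceeds capacity; the limit alone fails.
    print("500 sources, limit 2:",
          legit_service_rate(500, 50, USERS, CAPACITY, 2))
```

Run the file directly to see the four scenarios; the last one is the situation the police describe, a flood spread across hundreds of machines, and it is why operators fall back on extra capacity, upstream filtering or, as HKEx did, a separate backup site rather than per-source limits alone.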

Gazeley said hack attacks were usually about compromising a computer system. Such a compromise enables hackers to do something nefarious, such as stealing confidential data.

Without more details about the attacks from the HKEx and the police, speculation may well arise that targeted cyber attacks on the HKEx will do more damage.

Cheung of Christfund said he and other brokers believe that the cyber attacks on the HKEx website could be used to manipulate stock trading, a criminal offence in Hong Kong.

'Next time, the hackers may publish a fake announcement on the website or change a number in the [corporate] results,' Cheung said. 'If that happens, it would create a lot of false information and panic selling.'

The HKEx cyber attacks followed a successful hacking of Zimbabwe's stock exchange site a week ago, and hacking attacks on the websites of the London and Nasdaq stock exchanges earlier this year.

'Imagine that there was more than one type of attack carried out on HKEx last week,' Gazeley said. 'While the focus of the exchange's security personnel was on the affected website, a successful hacking attack may have been carried out elsewhere in the computer network. Just imagine what the results could be.'

Network Box says there is a daily average of 6,911 intrusion attempts on the so-called internet gateways at each of its client companies.

The company has security operation centres across the Asia-Pacific, Europe and North America that scan for malicious software and cyber attacks.

'That's like a never-ending stream of potential criminals trying [to open] your front door to see if you remembered to lock it,' Gazeley said. 'To make matters worse, even if you have locked the door - or [network] port in computer terminology - a hacker can still make an intrusion attempt in a way similar to a criminal using a skeleton key.'

In the past two weeks, Network Box had recorded 'massive distributed denial-of-service attacks against dozens of Hong Kong companies', Gazeley said. He said these attacks had been launched from more than 150 countries, targeting financial sites.

Daniel Lai, chairman of the Hong Kong Computer Society's chief information officer board, said there was more at stake in ensuring the HKEx's operations were able to withstand attempts at a breach. 'Hong Kong is a financial centre and we must protect its reputation,' Lai said.

Besides regular reviews of the exchange's security system, he suggested that the HKEx information technology (IT) team consider so-called 'ethical hacking'.

It is an approach that originated in the US more than a decade ago. An information-technology professional with a certification as an ethical hacker is hired to audit security systems and test their defences to determine any vulnerable spots.

This type of hacking is not considered illegal because it is done at the behest of the organisation that owns the network.

The HKEx said it had begun spending about HK$2 billion to bolster its information technology platform and trading system.

However, in view of the recent attacks, many believe that the budget may need to be increased to ensure stronger security programmes are enacted.

HKEx is among the biggest customers of Hewlett-Packard, which provides major technical support. HP has declined to comment on the attack and its activities with HKEx. Since 1998, HKEx has been using HP's server computers. HP's most advanced servers were adopted in the so-called Third Generation Automatic Order Matching and Execution System, which was implemented by the HKEx several years ago.

In 2006, the HKEx described the upgrade as 'part of our commitment to improving market infrastructure and ensuring the highest standards of system performance'.

Apparently more work needs to be done by the HKEx IT team in buttressing the exchange's computer network, as the cyber attacks occurred during the busy quarterly reporting season when companies announce their financial results.

Douglas Li, chief executive of mobile network operator SmarTone Telecommunications which will report its second-quarter results by the end of August, said: 'I hope they're ready.'
