
Computer attacks falling off with heightened state of alert

Sherman So

The number of computer attacks in Hong Kong fell last year from 2002, and fewer computers were affected, according to a survey jointly organised by the Hong Kong Computer Emergency Response Team Co-ordination Centre (HKCERT), the Hong Kong Police Force and the Information Technology Services Department.

The Information Security Survey 2003 found the number of computer attacks fell 13.9 per cent to 943 from 1,095 in 2002.

The number of PCs affected dropped 24.9 per cent to 4,098 from 5,460 in 2002.

Three thousand companies took part in the survey.

HKCERT centre manager Roy Ko attributed the change to greater public awareness and an improvement in security technologies deployed.

'The percentage of companies using firewalls increased significantly to 44.5 per cent last year from 25.7 per cent [in 2002],' Mr Ko said.

Security measures taken by companies in Hong Kong have gradually improved over the years.

Anti-virus software is now deployed by 81.2 per cent of companies, while 44.5 per cent use some form of physical security measure. Firewalls have become standard at most companies since last year.

More than 37 per cent of Hong Kong companies now have in-house staff assigned to full-time or part-time security roles, up from a mere 13.1 per cent in 2002.

But Patrick Lo Kin-wah, executive director of security specialist TI Consulting, said the drop in the number of incidents might have been a temporary phenomenon due to Sars.

'Many companies scaled down their operations significantly during the three months when Sars was affecting Hong Kong. Obviously, if most of the companies' servers were shut down, there would be significantly fewer attacks.'

The number of cases of computer crime reported to the police last year tells a different story.

Vincent Wong, chief superintendent of the Commercial Crime Bureau, said the number of incidents rose to 588 last year, from 272 a year earlier.

Excluding a sharp surge in crimes involving online gaming to 288 from 27 cases, the number of crimes rose 22 per cent.

Senior superintendent Sean Lin said the survey was limited to businesses, whereas cases reported to police also counted individuals. Moreover, most people did not report virus or hacking attacks to the police.

The survey found only 0.3 per cent of respondents would report such incidents to the police. More than half of the companies, or 56.3 per cent, considered them too trivial to take to the police.

The survey found that, of all companies that came under computer attack in the last 12 months, 91.1 per cent suffered from viruses, 13.5 per cent from hacking and 5.6 per cent from denial of service. Theft of information accounted for 0.8 per cent.

The survey also revealed a significant disparity in security measures deployed by companies of different sizes.

More than half (59.1 per cent) of small companies with fewer than 20 staff admitted to using little, if any, security. However, 71.4 per cent of companies with more than 100 staff said they had advanced security measures in place, including virtual private networks, intrusion detection systems (IDS) and digital identification. Overall, the survey showed only 1.6 per cent of respondents had implemented IDS.

Mr Lo said this was surprising as IDS had been a standard industry requirement since 2000. His clients are the government, financial institutions and health care providers.

Regardless of how good security systems are, companies are frequently compromised by neglecting the human factor.

Mr Wong said adequate management policies and physical security measures were almost as important as technology solutions.

Mr Lin suggested companies deploy simple measures such as digital passwords and locking up laptop computers.

Mr Lo said more advanced security options were vital. These included measures such as risk assessment audits, security management policies and incident response procedures.

'In case of a disaster like the 9/11 incident, it is not enough that you have backup systems and backup data,' he said.

'If the person responsible cannot go to work, your company cannot resume work as usual.'
