Guidelines for Announcing a Cyber Attack

Denial of Service attacks, more commonly known as DDoS attacks, have become the new standard operating procedure for hackers trying to disrupt a bank’s services. In the past, banks have remained reluctant to give out any information on such attacks for fear that hackers could use that information to tweak future attacks and make them more effective. Customers on the other hand are left feeling frustrated from a lack of information from their banks. So, how can banks let their customers know that they have come under cyber attack in an effective way?

Cyber Attacks against Banks Are on the Rise

For the most part, banks do not have a choice on whether or not they tell their customers of an ongoing attack, according to As soon as bank customers find that they cannot access their account online, they will begin to question what is going on. When hackers take down a bank’s Website, banks need to respond immediately with information to their customers about what is going on and what they are doing to fix it. Customers with no clear answers tend to look for information elsewhere, whether it is reliable information or not. That is why it remains important for banks to seize control of the situation and get the correct information out as soon as possible.

How to Let Customers Know an Attack Is Occurring

Social media provides a great way for banks to connect with their customers outside of the official bank site. Facebook and Twitter allow banks to get out their message and stay connected during a crisis. This makes such avenues important, especially considering the ever-increasing occurrence of cyber attacks. But how much information should a bank give out about a current attack? For the most part, acknowledging that a problem is occurring and that steps are being taken to alleviate it might be enough. Additional contact information could also prove helpful. Below are some guidelines on what a bank can do when they come under cyber attack.


  1. Alert customers that there is a problem. Make sure to regularly update customers as well.
  2. Let customers know that their data remains safe regardless of the attack.
  3. Tell customers that the bank continues to provide world-class security.
  4. Reassure customers that the bank plans to waive any fees accrued during the outage.
  5. Let customers know about other channels they can use to access their information.
  6. Give a contact number and e-mail for customers to contact with their concerns. Make sure to have enough staff to handle the increased influx of calls and e-mails.

For more information about using social media during a DDoS attack, visit and search for “How to Tell Customers,” then choose the article “How to Tell Customers You’re Under (Cyber) Attack.”