Bangladesh Bank (BB), the central bank of Bangladesh, experienced a highly organized cyber heist in February 2016 that seriously impaired the legitimacy of the cyber security systems of the country’s overall banking sector. This study examines the spillover effect of that cyber heist on the cyber risk disclosures of the banking sector in Bangladesh. Building on institutional theory, we propose that in emerging markets, after a notable cyber heist experienced by the country’s central bank, the banking sector of the country tends to increase cyber risk disclosures as an institutional strategy to regain legitimacy. Analyzing the disclosures in the annual reports of 38 commercial banks from 2014 to 2018, we find that banks’ cyber risk disclosures significantly increased after the BB cyber heist. We also find that the political embeddedness of the banks and their adherence to Islamic Shariah negatively influence a bank’s tendency to use cyber risk disclosures as a legitimacy-regaining strategy after the heist. Our institutional perspective offers new insights into why the banks in an emerging country engage more in cyber risk disclosures after such an atrocious cyber attack.