attacks which occur from within an organization) pose a serious threat to an organization’s security. One tool that organizations can employ to help them detect such threats is the internal cyber-sting. An internal cyber-sting involves an organization enticing its members into performing a (controlled) internal cyber-attack in order to apprehend them. However, there is (rightly) considerable moral consternation about employing such a tool; for it is deceitful and undermines trust. The aim of this paper is to present four separate actions that might be taken by organizations to strengthen their moral reason for employing internal cyber-stings.