In a significant move addressing ongoing cybersecurity challenges, Microsoft has taken steps to tie executive compensation to the company’s security performance.
This decision follows a string of high-profile cyberattacks targeting Microsoft, including those attributed to groups like China’s Storm-0558 and Russia’s Midnight Blizzard.
The company’s CEO, Satya Nadella, recently affirmed a renewed commitment to prioritize security above all else, setting the stage for the Secure Future Initiative (SFI), which was launched last November. Now, this initiative has been expanded to include executives’ pay.
Charlie Bell, Executive Vice President of Microsoft Security, explained in a blog post that part of the Senior Leadership Team’s compensation will be tied to the company’s progress in meeting security goals and milestones.
The decision to link executive pay to cybersecurity performance follows recommendations from the Department of Homeland Security’s Cyber Safety Review Board (CSRB). A report from March highlighted “avoidable errors” made by Microsoft in cybersecurity efforts.
While specific details of how executive compensation will be affected remain undisclosed, the move underscores Microsoft’s commitment to fostering a proactive and engaged approach to cybersecurity across the organization.
Bell emphasized the company’s culture of continuous improvement, driven by a growth mindset.
Igor Tsyganskiy, recently appointed Chief Information Security Officer at Microsoft, has introduced a new security governance framework. This framework aims to establish a partnership between engineering teams and Deputy CISOs, who will oversee the SFI, manage risks, and report progress directly to the Senior Leadership Team.