Microsoft ties executive pay to security performance, so if it gets hacked, no one gets bonuses
In a bold move to address some major cybersecurity issues that have plagued the company in recent months, Microsoft has tied executive pay to the company’s security performance.
The strategic maneuver comes after a series of high-profile attacks hitting the company, such as those from China’s Storm-0558 and Russia’s Midnight Blizzard.
The revelation comes days after Microsoft CEO Satya Nadella confirmed that the company’s renewed commitment would ensure it “puts security above all else.”
Security improvements
The initiative, called the Secure Future Initiative (SFI), was launched last November and has now been expanded to influence executive pay.
Charlie Bell, Executive Vice President of Microsoft Security, wrote in a blog post: “We will provide accountability by basing a portion of the company’s Senior Leadership Team compensation on our progress in achieving our security plans and milestones.”
Microsoft’s SFI expansion takes into account the recommendations of the Department of Homeland Security’s Cyber Safety Review Board (CSRB). The board’s March report accused Microsoft of making a series of “avoidable mistakes.”
Specific details surrounding Microsoft’s decision to tie at least some of its executives’ compensation directly to cybersecurity performance have not been confirmed, but it certainly reflects the company’s goal of making employees more proactive and engaged on cybersecurity.
Bell added: “Our company culture is based on a growth mindset that promotes an ethos of continuous improvement.”
Redmond’s Chief Information Security Officer, the newly appointed Igor Tsyganskiy, has also pushed a new security management framework, which Microsoft says “introduces a partnership between engineering teams and newly formed deputy CISOs, jointly responsible for overseeing SFI, managing risks and reporting progress directly to the senior leadership team.”