In a bold move that addresses some of the major cybersecurity concerns that have plagued the company in recent months, Microsoft has linked executive compensation to the company's security performance.
The strategic move comes after a series of high-profile attacks that hit the company, including those on China's Storm-0558 and Russia's Midnight Blizzard.
The revelation comes days after Microsoft CEO Satya Nadella confirmed that the company's renewed commitment would see it “put security above all else.”
Security Increases
The initiative, called the Secure Future Initiative (SFI), was launched last November and has now been expanded to affect executive compensation.
Charlie Bell, executive vice president of security at Microsoft, shared in a blog post: “We will instill accountability by basing part of the compensation of the company's senior leadership team on our progress in meeting our security plans and milestones.”
Microsoft's SFI expansion takes into consideration recommendations provided by the Department of Homeland Security's Cyber Security Review Board (CSRB). The March report accused Microsoft of making a series of “avoidable mistakes.”
The specific details surrounding Microsoft's decision to directly tie at least some of its executives' compensation to cybersecurity performance are unconfirmed, but it certainly reflects the company's goal of instilling a more proactive and engaged response to cybersecurity among employees. workers.
Bell added: “Our company culture is based on a growth mindset that fosters a spirit of continuous improvement.”
Redmond's chief information security officer, the newly appointed Igor Tsyganskiy, has also pushed for a new security governance framework, which Microsoft says “introduces a partnership between engineering teams and newly formed deputy CISOs, collectively responsible for overseeing SFI, manage risks and report progress directly.” to the Senior Leadership Team.”