Microsoft is tying executive pay to security performance — so if it gets hacked, no bonuses for anyone

[[{“value”:”

In a bold move addressing some major cybersecurity concerns that have plagued the company in recent months, Microsoft has linked executive compensation to the company’s security performance.

The strategic manoeuvre comes after a series of high-profile attacks affecting the company, such as those by China’s Storm-0558 and Russia’s Midnight Blizzard.

The revelation arrives days after Microsoft CEO Satya Nadella confirmed that the company’s renewed commitment would see it “putting security above all else.”

Security boosts

The initiative, which has been called the Secure Future Initiative (SFI), launched last November, and has now been expanded to affect executives’ pay.

Charlie Bell, Executive Vice President of Microsoft Security, shared in a blog post: “We will instill accountability by basing part of the compensation of the company’s Senior Leadership Team on our progress in meeting our security plans and milestones.”

The expansion of Microsoft’s SFI takes into consideration recommendations provided by the Department of Homeland Security’s Cyber Safety Review Board (CSRB). The March report slated Microsoft for making a series of “avoidable errors.”

Specific details surrounding Microsoft’s decision to directly link at least part of its executives’ pay to cybersecurity performance are unconfirmed, but it certainly reflects the company’s goal of instilling a more proactive and engaged response to cybersecurity among workers.

Bell added: “Our company culture is based on a growth mindset that fosters an ethos of continuous improvement.”

Redmond’s Chief Information Security Officer, newly appointed Igor Tsyganskiy, has also pushed a new new security governance framework, which Microsoft says “introduces a partnership between engineering teams and newly formed Deputy CISOs, collectively responsible for overseeing SFI, managing risks, and reporting progress directly to the Senior Leadership Team.”