May 7, 2024 Microsoft is reported to be tying executive compensation to its security performance, signalling a serious commitment to addressing cybersecurity concerns. This strategic decision comes after high-profile attacks, such as those by China’s Storm-0558 and Russia’s Midnight Blizzard, which have impacted the company.

This initiative, known as the Secure Future Initiative (SFI), was launched last November and has now expanded to affect executive pay. Microsoft CEO Satya Nadella affirmed that the company is prioritizing security above all else.

Charlie Bell, Executive Vice President of Microsoft Security, stated in a blog post that the company is holding its Senior Leadership Team accountable by basing part of their compensation on security performance. The initiative follows recommendations from the Department of Homeland Security’s Cyber Safety Review Board, which criticized Microsoft for “avoidable errors.”

The decision to link executive pay to cybersecurity reflects Microsoft’s goal of fostering a proactive and engaged response to security threats among its workforce. Bell highlighted the company’s “growth mindset” and focus on continuous improvement.

In addition to the SFI, Microsoft has introduced a new security governance framework, led by Chief Information Security Officer Igor Tsyganskiy. This framework creates a partnership between engineering teams and newly formed Deputy CISOs to manage risks and report directly to the Senior Leadership Team.