Brad Smith, Microsoft's vice chair and president, stated that the company will assess its employees' cybersecurity contributions during reviews, which will influence their compensation. This comes ahead of a US House committee hearing on Thursday focusing on the software maker's security practices.

Microsoft's Cybersecurity Challenges

The modifications reflect Microsoft's endeavors to respond to concerns regarding the extent of its efforts in safeguarding its clients' data. In April, the Department of Homeland Security released a report regarding significant cyberattacks involving the company's services in the summer of 2023, where a Chinese-based group gained access to Outlook email accounts in the US and Europe. Subsequently, in early 2024, a Russia-based group breached the email accounts of several of Microsoft's senior executives. In response to the deficiencies highlighted in the report, Microsoft pledged to alter certain practices.

Microsoft's Secure Future Initiative

Microsoft's response to these incidents involved the launch of its Secure Future Initiative. Earlier this year, the company declared that enhancing security would supersede all other priorities. However, shortly after that, Microsoft faced criticism for its new Recall feature in Windows 11. Cybersecurity experts found that accessing or pilfering data from users' PCs would be easy with this feature enabled. Consequently, Microsoft announced that Recall would become an opt-in feature upon its launch.

Microsoft President Brad Smith traveled to Washington, DC, to testify before the US House Committee on Homeland Security in response to these challenges. In an addendum to his written testimony on Wednesday, he mentioned that security will be a new core priority, alongside other areas, for its employees' bi-annual reviews with managers starting on July 1 in the 2025 fiscal year.

READ ALSO: US Corporations Warned: Disgruntled Workers Tend to be "Human Assets" Chinese Spies Are Targeting

A Modified Executive's Pay Program

As Smith stated, for senior executives who regularly meet with CEO Satya Nadella, one-third of their bonuses' individual performance portion in the 2025 fiscal year will be linked to a review of their cybersecurity efforts by the board's compensation committee. He further noted that an undisclosed third party would furnish Nadella and the board committee with an independent assessment to aid the review process. These senior executives may observe cybersecurity-related effects reflected in their current fiscal year compensation.

Smith noted that for the current fiscal year ending June 30, the Compensation Committee will assess each SLT member's cybersecurity performance as part of its annual evaluation of executives. Additionally, beyond the modifications made to the executive pay program to enhance cybersecurity accountability, the board retains the discretion to adjust compensation outcomes as deemed necessary.

Last month, Charlie Bell, Microsoft's executive vice president for security, revealed that compensation for senior executives would partially hinge on the company's advancement in meeting cybersecurity objectives, though specifics were not disclosed.

The hearing will commence on Thursday at 1:15 p.m. ET and will be streamed live on YouTube.

RELATED ARTICLE: AI Saga Update: Elon Musk Drops Lawsuit Accusing OpenAI of Betraying Founding Mission