November 14, 2024
Microsoft employees' cybersecurity contributions will factor into their pay
Microsoft's Brad Smith told a U.S. House committee that its board will evaluate top executives' cybersecurity work when deciding on bonuses.

Satya Nadella, CEO of Microsoft, arrives at federal court in Washington, D.C., on Monday, Oct. 2, 2023.

Nathan Howard | Bloomberg | Getty Images

Microsoft will evaluate its employees’ cybersecurity contributions in reviews that will factor into their compensation, Brad Smith, the company’s vice chair and president, said ahead of a Thursday U.S. House committee hearing on the software maker’s security practices.

The changes represent part of Microsoft’s efforts to address concerns about how much it’s doing to protect its clients’ data.

In April, the Department of Homeland Security issued a report based on an independent review of China’s breach of U.S. government officials’ email accounts, an incident that Microsoft disclosed last year. Microsoft committed to changing some practices in response to shortcomings identified in the report.

In a Wednesday addendum to his written testimony to the House Committee on Homeland Security, Smith wrote that security will be a new core priority, alongside other areas, for its employees’ twice-annual reviews with managers in the 2025 fiscal year, which begins on July 1.

For senior executives who regularly meet with CEO Satya Nadella, one-third of the “individual performance” part of their bonuses in the 2025 fiscal year will be tied to a review of their cybersecurity work from the board’s compensation committee, Smith wrote. He added that a third party not identified in the addendum will provide Nadella and the board committee with an independent assessment to assist with the review.

For the current fiscal year, these high-ranking executives might see cybersecurity-related impacts reflected in their pay.

“The Board also decided that for the current fiscal year, which ends on June 30, the Compensation Committee will consider explicitly each SLT member’s cybersecurity performance when it makes its annual assessment of the executive’s performance,” Smith wrote. “Beyond the design changes to our executive pay program to include a greater accountability for cybersecurity, the Board also has the ability to exercise downward discretion on compensation outcomes as it deems appropriate.”

Last month, Charlie Bell, Microsoft’s executive vice president for security, announced that pay for senior executives would partly become dependent on the company’s progress in achieving cybersecurity goals, without providing further detail.

The hearing starts at 1:15 p.m. ET on Thursday and will be livestreamed on YouTube.

WATCH: Microsoft Security VP Vasu Jakkal talks cybersecurity with Jim Cramer