Microsoft has repeatedly been questioned over the past year about its commitment to offering safe and secure online products. That"s due in part to some major cyberattacks that involved the company"s services. One happened in the summer of 2023 when a Chinese-based group got access to Outlook email accounts in the US and Europe. Later in early 2024, a Russia-based group accessed the email accounts of some of Microsoft"s top executives.
Microsoft responded by launching its Secure Future Initiative, and earlier this year it announced that improving security would be the top priority above everything else at the company. It wasn"t long after that when Microsoft was criticized for its new Recall feature for Windows 11. Cybersecurity experts discovered it would be simple to view or steal anything on their PC with the feature turned on. Microsoft. The company has since announced Recall would become an op-in feature when it launches.
In the face of all that, Microsoft President Brad Smith traveled to Washington DC today to testify to the members of the U.S. House Committee on Homeland Security. In prepared remarks before he appeared before the committee today, Smith stated that one big change the company has made would make security a major part of the evaluation of each of Microsoft"s employees,
In the prepared remarks, Smith said:
These involve what the company internally refers to as “Connect” meetings and reviews that all employees have with their manager. Beginning with the new fiscal year, these assessments will include a new “core priority” relating to cybersecurity, so that all employees will identify and discuss the work they do relating to cybersecurity with their manager. With this change, cybersecurity will be considered in every employee’s annual bonus and compensation.
That accountability will also extend to Microsoft"s senior leadership team. Smith wrote:
Beginning with the start of the company’s new fiscal year on July 1, one-third of the individual performance element for each SLT member’s bonus will be based exclusively on the Committee’s assessment of the executive’s individual performance relating to cybersecurity.
We will have to wait and see if these new review efforts for both employees and executives at Microsoft will be effective.