Microsoft leadership team's one-third bonus will now depend on cybersecurity performance

Microsoft Board today announced changes to the compensation strucuture of top Microsoft
executives on the Senior Leadership Team (SLT). In order to improve the overall security of Microsoft’s productd and services, from July 1, one-third of the individual performance bonus for each SLT member’s bonus will depend exclusively on the Compensation Committee’s assessment of the executive’s individual performance relating to cybersecurity. Security lapses in any of the products and services managed by a SLT member will severly affect their performance bonus. With this change, senior leaders are held even more accountable for security of the products and services.

Compensation Committee will do this assessment based on quantitative metrics and qualitative assessments relating to the implementation of the CSRB’s recommendations, objectives related to Microsoft’s Secure Future Initiative, and other work related to security. The company will also depend on input from a third party that will provide an additional and independent assessment of the company’s progress in these areas.

For the current fiscal year, the Compensation Committee will consider explicitly each SLT member’s cybersecurity performance as part of the annual assessment of the member’s performance.

Microsoft is also planning to make security a mandatory part of the bi-annual reviews for all Microsoft
employees. From July, these reviews will include a new “core priority” relating to cybersecurity which will force employees to discuss the work they do relating to cybersecurity with their manager. Similar to SLT, security efforts will be considered in every employee’s annual bonus and compensation.