Microsoft employees’ cybersecurity contributions will factor into their pay

Microsoft will evaluate its employees’ cybersecurity contributions in reviews that will factor into their compensation, Brad Smith, the company’s vice chair and president, told members of a house committee ahead of a Thursday U.S. House committee hearing on the software maker’s security practices.

The changes represent part of Microsoft’s efforts to address concerns about how much it’s doing to protect its clients’ data. In April, the Department of Homeland Security issued a report based on an independent review of China’s breach of U.S. government officials’ email accounts, an incident that Microsoft disclosed last year. Microsoft committed to changing some practices in response to shortcomings identified in the report.

In a Wednesday addendum to his written testimony to the House Homeland Security Committee, Smith wrote that security will be a new core priority, alongside other areas, for its employees’ twice-annual Connect reviews with managers in the 2025 fiscal year, which begins on July 1.

For senior executives who regularly meet with CEO Satya Nadella, one-third of the “individual performance” part of their bonuses in the 2025 fiscal year will be tied to a review of their cybersecurity work from the board’s compensation committee, Smith wrote. A third party not identified in the addendum will provide Nadella and the board committee with its independent assessment to assist with the review, Smith wrote.

For the current fiscal year, these high-ranking executives might see cybersecurity-related impacts in their pay.

“The Board also decided that for the current fiscal year, which ends on June 30, the Compensation Committee will consider explicitly each SLT member’s cybersecurity performance when it makes its annual assessment of the executive’s performance,” Smith wrote. “Beyond the design changes to our executive pay program to include a greater accountability for cybersecurity, the Board also has the ability to exercise downward discretion on compensation outcomes as it deems appropriate.”

The hearing starts at 1:15 p.m. ET on Thursday and will be streamed live on YouTube.

WATCH: Microsoft Security VP Vasu Jakkal talks cybersecurity with Jim Cramer