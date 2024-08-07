Microsoft is now holding all employees accountable for security, with a failure to be proactive impacting promotion and pay rise opportunities.
In an internal memo obtained by The Verge, Kathleen Hogan, Microsoft’s chief people officer shared that due to security becoming a “core priority” for the company, all employees will be expected to prioritise security as it becomes a focus in employee performance review conversations.
Hogan’s memo outlined that employees should not view security as merely a “check-the-box compliance exercise” as staff will now be held accountable, with proactive actions concerning security being codified and reviewed.
Underscoring the importance of security for the company, Hogan stated: “When faced with a trade-off, the answer is clear and simple: security above all else.”
The memo details that all employees will set the Security Core Priority as a part of their 2025 Connect which will involve regular conversations with managers on employee progress in prioritising security.
Connect is Microsoft’s term for employee performance conversations and implies that security, alongside the company’s other key priorities of diversity and inclusion, is now a requirement for these conversations.
The memo is said to emphasise the need for employees to go above and beyond to integrate security into every facet of their work.
This ensures, staff will held accountable for actions they take in enhancing or maintain Microsoft’s security, with regular opportunities for their efforts to be reviewed and discussed.
According to The Verge, Microsoft’s internal FAQ page implies that if employees fail to prioritise security, it could impact promotions, pay raises and bonuses.
Employees will have to record and capture how they have prioritised security in their work, with technical employees having to incorporate security into their design protocols as they begin a project.
Cyber threats and remuneration
For a company such as Microsoft, which is integrated operationally in many of the world’s critical systems, being vigilant against cybersecurity must be among its top priorities.
In May 2024, the company announced that senior executive compensation will also depend on progress and actions contributing to security.
This more recent update, thus doubles down on the security emphasis, by now calling on every member of staff to be proactive in regards to security or risk losing out on promotions.
Hogan reminded employees of Microsoft’s position as a company: “We are here because our customers trust us, and we must continue to earn their trust every day”.