Microsoft announces changes to address recent security failures

The company is tying executive compensation to security targets and prioritising security over new features.

Microsoft announced changes in its approach to prioritising security measures in response to recent breaches. Executives’ compensation will now be tied to security targets, reflecting the company’s commitment to put cybersecurity ahead of rolling out new features.

Charlie Bell, Microsoft’s executive vice president for security, pledged to prioritise security. CEO Satya Nadella also underscored in an email to staff that security is now the primary responsibility of all employees.

This announcement follows an investigation by the Cyber Safety Review Board, which attributed recent breaches to a corporate culture that undervalued security investments. Notably, breaches by both Chinese and Russian hackers have heightened concerns about Microsoft’s security posture, particularly regarding its services for federal agencies. More than 20 years ago, in 2002, Microsoft promised to prioritise cybersecurity in the company’s products.

Other security measures the company announced include closer collaboration between deputy chief information security officers and engineering teams. Six key security priorities have been identified, such as enhancing identity protection and isolating production systems. Regular executive meetings will monitor the progress of these initiatives, signalling a renewed commitment to earning and maintaining trust, which Microsoft considers its paramount objective.