Hogan’s memo stated that everyone “must act with a security-first mindset, speak up and proactively look for opportunities to secure security in everything we do”. Credit: Alberto Garcia Guillen via Shutterstock.

Microsoft is now holding all employees accountable for security, with a failure to be proactive impacting promotion and pay rise opportunities.

In an internal memo obtained by The Verge, Kathleen Hogan, Microsoft’s chief people officer shared that due to security becoming a “core priority” for the company, all employees will be expected to prioritise security as it becomes a focus in employee performance review conversations.

Hogan’s memo outlined that employees should not view security as merely a “check-the-box compliance exercise” as staff will now be held accountable, with proactive actions concerning security being codified and reviewed.

Underscoring the importance of security for the company, Hogan stated: “When faced with a trade-off, the answer is clear and simple: security above all else.”

The memo details that all employees will set the Security Core Priority as a part of their 2025 Connect which will involve regular conversations with managers on employee progress in prioritising security.

Connect is Microsoft’s term for employee performance conversations and implies that security, alongside the company’s other key priorities of diversity and inclusion, is now a requirement for these conversations.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData

Tick here to opt out of curated industry news, reports, and event updates from Verdict.

Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

The memo is said to emphasise the need for employees to go above and beyond to integrate security into every facet of their work.

This ensures, staff will held accountable for actions they take in enhancing or maintain Microsoft’s security, with regular opportunities for their efforts to be reviewed and discussed.

According to The Verge, Microsoft’s internal FAQ page implies that if employees fail to prioritise security, it could impact promotions, pay raises and bonuses.

Employees will have to record and capture how they have prioritised security in their work, with technical employees having to incorporate security into their design protocols as they begin a project.

Cyber threats and remuneration

For a company such as Microsoft, which is integrated operationally in many of the world’s critical systems, being vigilant against cybersecurity must be among its top priorities.

In May 2024, the company announced that senior executive compensation will also depend on progress and actions contributing to security.

This more recent update, thus doubles down on the security emphasis, by now calling on every member of staff to be proactive in regards to security or risk losing out on promotions.

Hogan reminded employees of Microsoft’s position as a company: “We are here because our customers trust us, and we must continue to earn their trust every day”.