Cyber Threats require a new governance model

A very interesting opinion by the NACD arguing that cyber threat are as complex, require as much expertise and attention and have as large impacts as financial risks. Because of this, like financial risks require an audit committee, Cyber risks warrant the creation of a separate committee of the board, of which the CISO is a member, and that can receive support from outside advisors to ensure the board adequately meets its oversight responsibilities. What do you think?