The pandemic has demonstrated our collective dependence on organisations, systems and structures that are highly complex and, as we now know, vulnerable to disruption. And it has become clear, too, that many organisations (and people) operate day-to-day without alternative ways of working – or the depth of resources – that can carry them through difficult times. The internet, in particular, has become central to employment, business and all aspects of daily life. It’s not just about working from home; enterprises have outsourced ‘core processes’ to their customers and suppliers, from entering data and scheduling service visits to making payments – all via the internet. And we all use internet-enabled GPS when we order a home delivery. These systems depend, in turn, on the power grid, which is open to failure and even attack. And so the connections and the vulnerabilities proliferate. But we’ve learned that these systems don’t all have the ability to properly anticipate major disruption, the resilience to flex and recover in the face of it, or the fall-back capacity to go on functioning if our primary support systems fail. At the UK national level, government already publishes a register of major risks and the Civil Contingencies Committee of the Cabinet addresses emergent crises. But we need policies, plans and practices for all organisations to address not only critical events like Covid-19 and existential threats like climate change, but also the very complexity and levels of dependency created by the way we now live. Although some organisations have responded well to the pandemic, many more must be forced and helped to change if we are all to be confident in their, and our, ability to weather future challenges.