The 2007-2008 financial crisis solidified the consensus among policymakers that a macro-prudential approach to regulation and supervision should be adopted. The currently preferred policy option is the regulation of capital requirements, with the main focus on combating procyclicality and on identifying the banks that have a high systemic importance, those that are "too big to fail". Here we argue that the concept of systemic risk should include the analysis of the system as a whole and we explore systematically the most important properties for policy purposes of networks topology on resistance to shocks. In a thorough study going from analytical models to empirical data, we show two sharp transitions from safe to risky regimes: 1) diversification becomes harmful with just a small fraction (similar to 2%) of the shocks sampled from a fat tailed shock distributions and 2) when large shocks are present a critical link density exists where an effective giant cluster forms and most firms become vulnerable. This threshold depends on the network topology, especially on modularity. Firm size heterogeneity has important but diverse effects that are heavily dependent on shock characteristics. Similarly, degree heterogeneity increases vulnerability only when shocks are directed at the most connected firms. Furthermore, by studying the structure of the core of the transnational corporation network from real data, we show that its stability could be clearly increased by removing some of the links with highest centrality betweeness. Our results provide a novel insight and arguments for policy makers to focus surveillance on the connections between firms, in addition to capital requirements directed at the nodes.