Total defence is no longer a niche concept reserved for military planners and national security councils. It has become a practical framework for how whole societies – including companies and ordinary citizens – prepare for shocks that range from cyber attacks and disinformation campaigns to energy disruptions and armed conflict. While countries like Finland, Sweden and the Baltic states have been working with total defence ideas for decades, the logic behind them is now spreading across Europe and beyond. Even without access to up‑to‑the‑minute data in this moment, the direction of travel is clear: security is no longer something that states can “outsource” to their armed forces alone. It will increasingly be a shared responsibility of governments, businesses and civil society.
From a corporate and citizen perspective, this shift is both unsettling and empowering. Unsettling because it implies that “business as usual” is over, and that disruptions will be a recurring feature of our operating environment. Empowering because it offers concrete roles and tools that go far beyond passive fear and fatalism. To understand what this means in practice, it is useful to unpack the international dimension of total defence and then ask what businesses can learn from military officers, who have trained for decades to operate in uncertainty, manage scarce resources and keep people functioning under pressure.
Total Defence as an International Practice
The idea of total defence is built on a simple premise: in a serious crisis or war, the distinction between “front line” and “home front” largely disappears. Logistics chains, data networks, energy systems, health care, railways and ports become just as decisive as tanks and aircraft. That is why countries with a strong total defence culture integrate planning across ministries, local authorities, private companies and volunteer organisations rather than treating defence and civil life as separate worlds.
Internationally, you can observe at least three converging trends. First, more states are adopting “whole‑of‑society” or “integrated security” strategies that explicitly mention companies and civil society as active security actors, not just stakeholders to be informed. This is reflected in doctrines, national security strategies and exercises that involve telecom operators, energy firms, logistics providers and even retailers. Second, alliances and regional organisations are beginning to treat resilience and civil preparedness as strategic capabilities in their own right. Supporting host nation support, protecting critical infrastructure, building redundancy in supply chains and preparing populations for crises are seen as part of deterrence, not as a purely civilian add‑on. Third, the digital domain has made the boundary between national and international security porous. A cyber attack or supply‑chain disruption may originate far outside national borders but hit domestic companies and households within seconds.
For companies and citizens, this international dimension means that total defence is not simply a matter of “what our country does”, but also of how cross‑border supply chains, financial systems and information ecosystems behave under stress. Energy shortages in one region, shipping disruptions elsewhere, or foreign disinformation campaigns can all cascade into local communities and corporate operations. The lesson is that resilience cannot be built purely locally; it requires international awareness and often international cooperation, but it must be implemented in concrete routines at the company site, in the neighbourhood and at home.
The Role of Businesses and Citizens in a Total Defence Environment
Businesses occupy a unique position in any modern total defence approach. They run the critical infrastructure and services that keep societies functioning. They control the data, the logistics, the platforms and the industrial capacity that governments rely on in a crisis. At the same time, they are themselves vulnerable: to disrupted supplies, cyber attacks, staff shortages, regulatory shocks and reputational damage. In a total defence context, the question is not whether companies “join” national security, but whether they are prepared for the inevitability that their operations will be affected and needed when things go wrong.
For companies, this starts with a mindset shift. Security is not just a cost factor or a compliance checkbox; it is a strategic enabler of continuity and competitiveness. In sectors such as energy, tech, transport, finance and food, resilience has become part of the value proposition to customers and regulators. This implies that corporate risk management must evolve from narrow financial or IT‑centric views to a broader, scenario‑based understanding of hybrid threats: cyber incidents that are designed to cause panic, supply‑chain disruptions as a political signal, or coordinated disinformation to undermine trust in products or institutions. In this environment, crisis communication and business continuity planning are as much about preserving societal stability as about protecting quarterly results.
Citizens are equally central in total defence. In many countries, civil defence campaigns are returning: information on how to prepare emergency kits, how to behave during blackouts, where to get reliable information when networks fail, and how to spot disinformation. While these measures may revive memories of Cold War civil defence, they are adapted to modern realities. A well‑informed population that can cope for a limited time without external support, knows basic first aid and understands how to respond to sirens or alerts reduces the burden on emergency services and the military. It also deprives adversaries of one objective: creating chaos and panic.
From an international perspective, there is another layer: societies are watching each other. When one country successfully organises joint civil‑military exercises involving businesses and civilians, others take note. When a society reacts calmly and in a coordinated manner to a cyber incident or power disruption, it becomes a positive example and a proof of concept that resilience is more than a buzzword. Conversely, visible disorganisation and political blame games are observed by allies and adversaries alike, influencing perceptions of deterrence and vulnerability. Companies and citizens are therefore not only domestic actors, but part of the external signalling of a nation’s resilience.
What Companies Can Learn from Military Officers
If total defence is about integrating military and civilian capabilities, it is logical to ask what corporate leaders can learn from military officers. This is not about copying uniforms, hierarchy or jargon, but about adopting certain cognitive and organisational habits that have been refined in environments of high uncertainty and high stakes.
One key lesson is planning under uncertainty. Officers train to develop plans based on incomplete information, to continuously update their assessment as new facts emerge, and to accept that no plan survives first contact with reality. For companies, this translates into more dynamic risk management and business continuity planning. Instead of static risk registers and infrequent scenario workshops, organisations can benefit from adopting an “operations planning cycle” mindset: define the mission, identify critical functions, map dependencies, develop fallback options, assign responsibilities, and rehearse. In practice, this might mean regular crisis simulations that involve not only the IT department but also HR, communications, logistics and senior management. Officers can contribute by introducing structured planning frameworks, war‑gaming methods and after‑action reviews to corporate settings.
Another transferable competence is leadership in crises. Officers are trained to make decisions under time pressure, with incomplete information and conflicting objectives. They learn how to prioritise tasks, communicate clearly, and maintain cohesion in their teams even when things go wrong. Companies can learn from this approach by inviting experienced officers into leadership development programmes, not as motivational speakers but as co‑facilitators of practical exercises. This helps managers practise clear intent communication, delegation, and the art of balancing central guidance with decentralised initiative. In a total defence context, this is crucial: when a cyber incident, supply disruption or physical emergency hits, middle managers and frontline staff will need to act before top management has the full picture.
A third area is the culture of debriefing and learning. Armed forces place great emphasis on structured after‑action reviews, where operations are analysed openly and systematically: what was supposed to happen, what actually happened, why, and what should change. The objective is not to assign blame but to improve performance. Many companies struggle with this, especially when mistakes could have legal or reputational consequences. By adopting a disciplined debriefing culture, inspired by military practice but adapted to corporate constraints, organisations can turn incidents and near misses into assets for organisational learning. This is particularly important in total defence, where failures in one company can have cascading effects across sectors and borders.
Finally, there is the issue of values and resilience. Total defence is not just technical; it is also about the willingness of individuals and organisations to endure hardship and continue functioning in the service of something bigger than themselves. Officers are socialised in a value framework that places duty, service and collective security at the centre. Companies, especially those in critical sectors, may need to reflect on their own corporate purpose in similar terms. What is the organisation’s role in maintaining societal stability? How far is it prepared to go in terms of redundancy, contingency planning and investment in resilience? How does it communicate this to employees and the public without resorting to fear‑mongering? Officers with operational and strategic experience can help boards and executives think through these questions and translate them into policies and training.
Bringing officers and businesses together can take many forms: secondment programmes, joint training, advisory boards, or mixed civil‑military exercises that explicitly include corporate actors. The aim is not to militarise the private sector, but to professionalise its approach to crisis and security. In a world where the lines between peace, crisis and conflict blur, and where international interdependencies mean that shocks rarely stay contained within one country, such cooperation is not a luxury. It is a pragmatic response to a reality in which total defence increasingly defines the strategic environment in which both companies and citizens must learn to operate.
About The Author
