The phrase "prepare for World War 3" would have sounded alarmist five years ago. It no longer does. With active conflict running simultaneously across Eastern Europe, the Middle East, and escalating tension in the Indo-Pacific, the strategic environment in 2026 looks less like the post-Cold War peace dividend and more like the period between 1935 and 1939 — a time when those who paid attention early were the ones who fared best when the situation deteriorated. Paying attention early is still possible. That window, however, is closing.
This piece is not about predicting whether a third world war will happen. It is about the practical question of what serious preparation looks like — for individuals, for businesses, and for states — based on what defence professionals, emergency planners, and procurement specialists actually do when they take the threat environment seriously.
The foundational assumption of Western security planning since 1991 was that large-scale interstate war between major powers had become structurally improbable — that economic interdependence, nuclear deterrence, and international institutions had effectively ruled it out. That assumption has been revised, not quietly but dramatically. Russia's full-scale invasion of Ukraine demonstrated that a nuclear-armed state would initiate a large-scale land war in Europe. The Iran-Israel exchange of direct strikes on sovereign territory showed that escalation constraints in the Middle East are weaker than most analysts assumed. And the public statements of Chinese military planners regarding Taiwan have shifted from ambiguous to operational in their specificity.
None of this makes global war inevitable. What it does mean is that the probability assigned to that scenario by serious risk planners has moved from near-zero to something that justifies real-world preparation measures. Insurance is purchased not because disaster is certain, but because the cost of being unprepared exceeds the cost of the premium.
"Those who prepared early in 1936 did not cause the war. They survived it."
Civil defence thinking — which enjoyed decades of serious government investment during the Cold War and was then largely dismantled in the 1990s — is making a return. Finland, Sweden, Norway, and the Baltic states have all reissued civil preparedness guidance to their populations within the last two years. The core recommendations are consistent across jurisdictions and grounded in practical experience:
For companies operating across international markets, the threat environment presents a specific set of risks that go beyond the individual preparedness calculus. Supply chain concentration, energy dependency, and digital infrastructure vulnerability are the three areas where business resilience planning most directly intersects with geopolitical risk.
Supply chain diversification has moved from a theoretical risk management recommendation to an operational imperative. Companies that were sourcing critical components or materials from single-country suppliers — particularly in regions of elevated geopolitical tension — have spent the last three years learning the hard way why that model fails under stress. The lesson is not to eliminate international supply chains but to build redundancy into them. Dual-sourcing, strategic inventory buffers, and supplier qualification in geographically diverse jurisdictions are the practical outputs of this analysis.
Energy resilience is the second major business vulnerability. The disruption to European gas markets following the Ukraine invasion demonstrated how quickly energy price shocks translate into operational cost crises across every sector. Businesses that had invested in on-site generation capacity, energy storage, or fuel reserves were materially better positioned than those that had not. For manufacturers, data centres, and logistics operators, this is now a standard item on the risk register.
Cybersecurity posture is the third. State-sponsored cyberattacks against critical infrastructure — power grids, water systems, financial networks, logistics platforms — have escalated in both frequency and sophistication across all active conflict theatres. The business risk is both direct (operational disruption) and indirect (supply chain and counterparty exposure). A realistic cyber resilience programme includes offline backups, tested incident response procedures, and a clear understanding of which third-party systems your operations depend on.
The most useful signal of where serious risk assessment sits is not what governments say publicly but what they are procuring and funding quietly. The picture that emerges from publicly available defence budget data and procurement records is unambiguous: across NATO, the Gulf Cooperation Council, and the Indo-Pacific, governments are simultaneously increasing defence expenditure, accelerating procurement timelines, and investing in civil defence infrastructure that has been dormant for a generation.
Germany has reactivated civil defence planning structures that were wound down after 1990. Poland has introduced near-universal military training requirements. Finland and Sweden — both now NATO members — have expanded their total defence frameworks to include civilian population integration. The UAE has continued its sustained programme of defence capability expansion across multiple domains. South Korea has accelerated its own defence industrial base to a degree that has made it one of the most significant arms exporters globally within the space of three years.
The procurement decisions being made now — in ammunition stockpiling, air defence systems, anti-drone technology, communications infrastructure, and military medical supplies — reflect a threat assessment that is considerably more serious than what is being communicated in most public-facing government communications. This gap between what is being said and what is being bought is itself informative.
There is a pattern in modern conflict history that is worth stating plainly: the period between when preparation becomes advisable and when it becomes difficult is shorter than people expect, and the transition is not gradual. It is compressed into weeks. Lead times on protective equipment, medical supplies, communications gear, and food reserves extend sharply once demand surges. Prices follow. The supply chain dynamics are not linear.
This does not mean panic buying or paranoid stockpiling. It means treating preparedness as a normal planning function — the same way that competent organisations plan for fire, flood, or cyberattack — rather than as something that requires an emergency to justify. The governments and organisations that are doing this well are doing it quietly, systematically, and well in advance of any declared crisis. The ones that are not will be making decisions under pressure, with degraded options and elevated costs.
Preparedness is not fatalism. Preparing for a scenario does not make it more likely. It simply ensures that if it occurs, you are not among those who were not ready.