This study examines repeat victimization (RV) and multiple victimization (MV) in business cybercrime using data from the 2024 UK Cyber Security Breaches Survey (CSBS). Drawing on Routine Activity Theory, particularly its VIVA framework (value, inertia, visibility, accessibility) and capable guardianship, it investigates how organizational characteristics, routine activities and cybersecurity practices influence victimization risks. The study applies multinomial logit, bivariate probit, and hurdle negative binomial models. Results show that RV and MV risk is not evenly distributed among victimized businesses, and that the predictors associated with initial or single victimization differ from those predicting RV and MV. The findings highlight the limitations of one-size-fits-all prevention strategies and call for more tailored, stage-specific prevention responses.
He et al. (Wed,) studied this question.