Are Repeatedly Extorted Businesses Different? A Multilevel Hurdle Model of Extortion Victimization

Objectives Research consistently shows that crime concentrates on a few repeatedly victimized places and targets. In this paper we examine whether the same is true for extortion against businesses. We then test whether the factors that explain the likelihood of becoming a victim of extortion also explain the number of incidents suffered by victimized businesses. The alternative is that extortion concentration is a function of event dependence. Methods Drawing on Mexico’s commercial victimization survey, we determine whether repeat victimization occurs by chance by comparing the observed distribution to that expected under a Poisson process. Next, we utilize a multilevel negative binomial-logit hurdle model to examine whether areaand business-level predictors of victimization are also associated with the number of repeat extortions suffered by businesses. Results Findings suggest that extortion is highly concentrated, and that the predictors of repeated extortion differ from those that predict the likelihood of becoming a victim of extortion. While area-level variables showed a modest association with the likelihood of extortion victimization, they were not significant predictors of repeat incidents. Similarly, most business-level variables significantly associated with victimization risk showed insignificant (and sometimes contrary) associations with victimization concentration. Overall, unexplained differences in extortion concentration at the business-level were unaffected by predictors of extortion prevalence. Conclusions The inconsistent associations of predictors across the hurdle components suggest that extortion prevalence and concentration are fueled by two distinct processes, an interpretation congruent with theoretical expectations regarding extortion that considers that repeats are likely fueled by a process of event dependence.


Introduction
Decades of research suggest that crime is concentrated on a small proportion of places ) and victims . In fact, the patterns observed have been so consistent that Weisburd (2015) has recently coined the term "the law of crime concentration at place." However, it is unclear how universal this empirical pattern might be across countries, as well as crime and target types, as most research has focused on the US and Canada, a handful of European cities, and Australia 1 ( e.g. Andresen et al. 2016Andresen et al. , 2017Curman et al. 2015;Farrell et al. 2005;Sagovsky and Johnson 2007;Perreault et al. 2010;Lynch et al. 1998;Johnson and Bowers 2010), and on "traditional" crimes against individuals and households 2 (e.g. Daigle et al. 2008;Osborn and Tseloni 1998;Pease 2004, 2003;Johnson et al. 1997;Kleemans 2001;Young and Furman 2007).
In particular, there is a notable scarcity of research that has systematically studied the concentration of organized crimes, 3 an area of study that could benefit considerably from more rigorous quantitative assessments (Sansó-Rubert Pascual 2017, p. 29-30). Thus, this study is concerned with understanding the concentration patterns of extortion-an archetypal organized crime (Tilley and Hopkins 2008, p. 449). Specifically, it examines patterns of extortion among Mexican businesses to determine if concentration occurs, and if it does, to determine the factors that may explain it.
Current research suggests that crime concentration on specific targets (henceforth "repeat victimization") is driven by two mechanisms: Risk heterogeneity (Pease 1998;Johnson 2008) proposes that enduring differences in target characteristics make some targets more attractive than others; while event dependence (Pease 1998;Johnson 2008) suggests that the risk of victimization is dynamic, with the risk to victimized targets increasing-at least temporarily-following an initial offense. Though studies have found that both mechanisms have a part to play (e.g. Johnson 2008;Lauritsen and Davis Quinet 1995;Pitcher and Johnson 2011;Lynch et al. 1998;Pease 2004, 2003), it is generally assumed that the risk factors associated with victimization prevalence-the likelihood of becoming a victim-also explain its concentration-the number of incidents per victimized target (Pease and Tseloni 2014, p. 31). Thus, analytic studies generally focus on explaining incidence-the number of incidents per potential target-using a single set of predictors to examine the entire distribution of crime, rather than examining whether the predictors that differentiate victims from non-victims also explain the amount of crime suffered by victimized targets (Pease and Tseloni 2014, p. 31).
However, this assumption is largely based on previous findings concerning household property crimes (Osborn et al. 1996), and it is unlikely to apply in the case of extortion. To explain, like crimes such as personal fraud (see Titus and Gover 2001, p. 135), extortion requires the victim's cooperation for the offender to succeed (Best 1982, p. 109), thus repetition may be influenced by a victim's level of cooperation (which can only be observed 1 Only a small number of recent studies have examined patterns in radically different contexts such as Brazil (Melo et al. 2015), Malawi (Sidebottom 2012), Taiwan (Kuo et al. 2012) and South Korea (Park 2015). 2 For exceptions see Andresen et al. (2017), Bowers et al. (1998), van Dijk and Terlouw (1996), Salmi et al. (2013), Burrows and Hopkins (2005), Gill (1998), Hopkins and Tilley (2001), Matthews et al. (2001), and Yu and Maxfield (2014). 3 Welcome exceptions are the studies on kidnapping for ransom in Colombia by Pires et al. (2014) and Stubbert et al. (2015), and Dugato's (2014) study on bank robberies in Italy. through interaction), rather than by a stable set of characteristics. Furthermore, extortion is often characterized as a long-term relationship between victims and offenders (Elsenbroich and Badham 2016;Kelly et al. 2000, p. 64); thus, repetition may be unaffected by stable risk factors once an extortive relationship has been established.
To examine this, this study uses data from Mexico's national commercial victimization survey to trial a novel modeling strategy-the multilevel negative binomial-logit hurdle model-to assess whether the predictors associated with the likelihood of extortion victimization are also associated with the number of repeat extortions suffered by businesses. If predictors are inconsistent across the two measures, this would suggest that extortion concentration is fueled by a process distinct from that which might explain extortion prevalence. Thus, this study contributes towards expanding our understanding of micro-level patterns of crime concentration in two ways. First, to our knowledge, this study represents the first application of a multilevel negative binomial-logit hurdle model to study crime concentration, 4 highlighting its potential usefulness to study other crime types where repetitions are thought to be driven by distinct processes-such as domestic violence 5 (Biderman 1980;Rand and Saltzman 2003). Second, the study contributes to the literature on crime concentration by examining whether or not the patterns consistently observed elsewhere also apply to: a) a crime type that has received little research attention, and b) a country that has so far been neglected in the literature.
The article proceeds as follows. In the next section we briefly introduce the background of extortion in Mexico. Next, we review the literature on modeling repeat victimization, and on the predictors of extortion victimization. The next section covers the data and analytical strategy employed, followed by the research findings and a discussion of their implications and limitations.

Background: Extortion in Mexico
Extortion is the third most common crime against Mexican businesses, after petty theft and robbery (INEGI 2014a). However, extortion is very prominent in the public agenda, as it has been linked to notorious episodes of violence. During the first two months of 2011 there were 119 arson attacks linked to extortion in the infamous Ciudad Juárez 6 (Guerrero-Gutiérrez 2011). Later that year, an arson attack against a casino that refused to comply with extortion demands in Monterrey (a city in northeast Mexico) killed 52 people, making it one of the deadliest criminal incidents in Mexico's recent history (Corcoran 2012;Wilkinson 2011). Lastly, widespread extortion of farmers in 2012 and 2013 led to a politically destabilizing uprising of autodefensas-self-defense paramilitary groups-in many rural areas of the country (Shirk et al. 2014, p. 10). 4 However, the approach has been used in crime research to study sentencing (Hester and Hartman 2017;Rydberg et al. 2017), intimate partner violence (Hellemans et al. 2015), specific types of homicides (Guerrero-Gutiérrez 2011;Baller et al. 2009), and the influence of incarceration on health care availability (Wallace et al. 2015). 5 Though Hellemans et al. (2015) used hurdle models in a study of intimate partner violence (IPV), their study is focused on the relationship between lifetime experience with IPV and victims' relational and sexual well-being, and does not address the factors associated with IPV repeat victimization. 6 A city on the Mexico-U.S. border, across from El Paso, Texas. In 2010, Ciudad Juárez was the most violent city in the world (Redacción 2010), with a murder rate of 216 per 100,000 inhabitants (Rios 2012).
Over the past two decades, Mexican organized crime has been transformed from a few powerful groups focused mainly on drug trafficking, to a plethora of small-though far more violent-organizations involved in drugs, extortion, kidnapping, murder and other crimes (for reviews, see Bunker 2013;Shirk and Wallman 2015). Three broad hypotheses have been proposed to explain this transformation. The first focuses on how Mexico's transition to democracy 7 -after 71 years of one-party-rule-dissolved informal political control mechanisms that kept organized crime in check, leading to violent power struggles for control of lucrative criminal markets (Rios 2015;Duran-Martinez 2015;Dell 2014;Astorga 2012;Aguirre and Herrera 2013). The second links changes in international drug markets to conflicts over strategic territories (Corcoran 2013;Rios 2012;Paul et al. 2011;Brophy 2008). Finally, the third focuses on the instability created by the Mexican government's crackdown on organized crime from 2006 onwards (Rios 2012;Calderon et al. 2015;Correa-Cabrera et al. 2015;Jones 2013;Dickenson 2014;Osorio 2015).
These approaches, concerned as they are with broad manifestations of organized crime, may explain trends in organized crime violence in Mexico-and by extension in extortion-at the national, sub-national, or even city level. However, they are inadequate to provide insight into patterns at the micro-level of places (in this case, businesses), which is the focus of this study.

Repeat Victimization
Repeat victimization (RV) occurs when a target (however defined) suffers the same offense two or more times during a given time period (Grove and Farrell 2010;Pease 1998). In a seminal study, Farrell and Pease (1993) noted that according to the 1982, 1988, and 1992 sweeps of the British Crime Survey, repeat victims suffered between 71% and 81% of all incidents, yet they amounted to only 14-20% of respondents. International evidence is consistent with these findings. Based on results from 17 countries originally reported by Farrell and Bouloukos (2001), Farrell and Pease (2011) estimate that around "40 per cent of crimes against individual people and against households are repeats ... with variation by crime type and place" (p. 123).
Patterns of RV were first identified during the 1970s with the advent of victimization surveys. These were instituted to measure the extent of crime while overcoming the fact that many crimes were not reported to (or recorded by) the police (Gottfredson 1986;Sparks 1981b;Wetzels et al. 1994). Surveys provide two measures of crime: the number of victims (prevalence), and the number of crime incidents (incidence)-both usually expressed as per capita rates. The ratio of incidence to prevalence (concentration) provides a crude summary of repeat victimization. However, these summary measures are insufficient to grasp the extent of concentration, as they ignore the wide disparity in crime risks experienced across the population. Thus, the extent of crime concentration is better represented by the frequency distribution. Early studies that analyzed such distributions demonstrated that concentration was unlikely to be the product of chance (Hindelang et al. 1978, p. 125-149;Sparks et al. 1977, p. 88-106). This was demonstrated by comparing the observed frequencies to those generated by a Poisson 8 process, which indicated that there were far more repeat victims than those expected (Sparks et al. 1977;Hindelang et al. 1978). These non-random patterns, in turn, suggested that either events were not independent-and concentration was due to a contagion-like process-or that the population could not be characterized by a constant rate-meaning that the some individuals faced different risks of victimization (Sparks 1981a, p. 766-767). More recent research which has explicitly examined risk heterogeneity and event dependency, however, suggests that both mechanisms contribute to repeat victimization, and that the processes act in concert (see Johnson 2008;Pease 1998;Pitcher and Johnson 2011).
Empirical backing for the first mechanism-known as "boosts" (Pease 1998), "state dependence" (Lauritsen and Davis Quinet 1995;Osborn and Tseloni 1998), and "event dependence" (Johnson 2008, the term we use hereafter)-comes from longitudinal studies that have found that victimizations suffered in previous periods increase the risk of suffering crimes in the future, even after controlling for stable risk factors (e.g. Lauritsen and Davis Quinet 1995;Lynch et al. 1998;Pease 2004, 2003). Further evidence for event dependence is found in the temporal and spatial patterns of repeat and near-repeat victimization (see Morgan 2001), which show temporary increases in risk to victimized targets and those in their vicinity shortly after an offense has taken place (Polvi et al. 1991;Johnson et al. 1997;Johnson and Bowers 2004;Johnson et al. 2009). On the other hand, evidence for the second mechanism-known as "flags" (Pease 1998), "population heterogeneity" (Osborn and Tseloni 1998;Nelson 1980;Lauritsen and Davis Quinet 1995;Wittebrood and Nieuwbeerta 2000), and "risk heterogeneity" (Johnson 2008, the term we use hereafter)-is found in studies that have analyzed how individual and contextual characteristics are associated with differing risks of victimization (Miethe and Meier 1990;Miethe and McDowall 1993;Lauritsen 2010;Lauritsen and Rezey 2018).
In terms of theory, both mechanisms are underpinned by environmental criminology (Bouloukos and Farrell 1997;Farrell and Pease 2014;Wartell and Gallagher 2012). The rational choice perspective (Cornish and Clarke 1985;Clarke and Cornish 2017) explains why a) certain characteristics make some targets appear more attractive or vulnerable to a wide range of offenders, as they speak to the effort, risks, and rewards that offenders consider when engaging in a crime (Cornish and Clarke 1987;Clarke and Cornish 2017), and also b) how knowledge gleaned from past crimes influences future target selection (Cornish and Clarke 1985). On the other hand, the routine activity approach (Cohen and Felson 1979;Felson 2017) and crime pattern theory (Brantingham et al. 2005;Brantingham and Brantingham 1993) explain how human ecology and urban topology shape the convergence of suitable targets and likely offenders in the absence of capable guardians, and thus provide explanations for a) the heterogeneous distribution of risk (Grove and Farrell 2010;Maxfield 1987b), as well as b) the constraints imposed by the underlying ecological and urban structure to temporary increases in crime risk following an initial event (Johnson et al. 1997;Sagovsky and Johnson 2007;Rosser et al. 2016).

Modeling Repeat Victimization
In addition to measuring crime, victimization surveys capture a wealth of information regarding respondents and their environments, such as demographic and socioeconomic characteristics, the presence of protective and security equipment, lifestyle details, perceptions and fear of crime, and measures of neighborhood disorder (UNODC/UNECE 2010; Cantor and Lynch 2000;Pease and Tseloni 2014). Such information has provided opportunities to investigate the potential associations between victimization risks and target (as well as contextual) characteristics (e.g. Hindelang et al. 1978;Sparks et al. 1977;Miethe et al. 1987;. However, most early approaches to modeling victimization focused on the prevalence of victimization. These studies applied logistic regression to identify the factors associated with the risk of being victimized (e.g. Maxfield 1987a;Miethe et al. 1987). Such approaches, however, disregard the differential risks associated with repeat victimization (Pease and Tseloni 2014, p. 35). Pease and Tseloni (2014) ascribe this to the fact that the significance of repeat victimization had been somewhat neglected, and to a lack of accessible statistical tools and techniques suitable for the analysis of count data (p. 35).
Crime incidents are recorded as discrete counts with a lower bound of zero, requiring special modeling frameworks such as the Poisson (e.g. Berk and MacDonald 2008;Mac-Donald and Lattimore 2010). Furthermore, incidence data tend to be heavily right-skewed, with many observations for zero incidents and a long tail with few observations for targets that suffered many incidents. This leads to overdispersion, which occurs when the variance of a distribution exceeds its mean (Cameron and Trivedi 2013, p. 4;Hope and Norris 2012, p. 544). The implication of this for modeling is that the standard Poisson model (which assumes that the mean of a distribution equals its variance) can generate erroneous standard errors (Rydberg and Carkin 2016, p. 63). Thus, the preferred distribution to model crime incidence is the negative binomial (see Pease and Tseloni 2014;Tseloni 1995). This allows overdispersion to be incorporated via a dispersion parameter (see the "Analytical Strategy" section), which captures unexplained differences in crime incidence between two targets that are otherwise identical in terms of the covariates included in the model (hereafter "unexplained heterogeneity", Osborn and Tseloni 1998). This modeling approach has been further strengthened by the use of multilevel 9 models (e.g. Goldstein 2011) which can incorporate hierarchically structured and repeated measures data and can help (in the context of crime and place) distinguish how much unexplained heterogeneity can be attributed to area and individual-level sources (for a seminal study, see Tseloni 2006).
With this modeling framework, studies test the risk heterogeneity hypothesis by incorporating covariates thought to affect a target's expected victimization incidence. For example, in a study on burglary victimization across Europe, Tseloni and Farrell (2002) used a multilevel negative binomial model to investigate the effects of household and countrylevel characteristics on burglary incidence in eight European countries. Controlling for the effect of previous victimizations, the study found significant sources of risk heterogeneity consistent with the routine activities theory: absence of guardianship (e.g. being single or divorced), being close to likely offenders (as measured by household poverty), and increases in target attractiveness (e.g. car ownership as a sign of household affluence) were associated with increases in burglary incidence, to cite a few examples (Tseloni and Farrell 2002, p. 156-157). Furthermore, the study also found there was essentially no unexplained heterogeneity due to between-country differences, meaning that unexplained differences in burglary risk were likely due to target and subnational (e.g. city or region) level differences (Tseloni and Farrell 2002, p. 155-156).
Event dependence, on the other hand, can be tested by incorporating the temporal dimension using longitudinal data (Lynch et al. 1998, p. 15). While Tseloni and Farrell (2002) included measures of previous victimization experiences, the cross-sectional nature of the data they used (the International Crime Victims Survey, see Mayhew and van Dijk 2014) impeded their ability to explicitly model the effects of event dependence on crime incidence (see Lynch et al. 1998). Studies that have employed longitudinal victimization data (e.g. repeated interviews with the same target), have found that victimization experiences in earlier observations are significant predictors of victimizations in posterior observations, even after controlling for risk heterogeneity (e.g. Lauritsen and Davis Quinet 1995;Lynch et al. 1998;Pease 2004, 2003).
Most victimization surveys employ cross-sectional designs (Lynch 2006, p. 249;Mayhew andvan Dijk 2014, p. 2604). In practice, this means that models based on cross-sectional data-the type of data used in this study-cannot distinguish between event dependence and risk heterogeneity, lumping the effects of the former with those of unexplained heterogeneity (Osborn et al. 1996;Osborn and Tseloni 1998;Pease and Tseloni 2014;Heckman 1981).
A potential workaround initially considered to explore the effect of event dependence in the absence of longitudinal data was to assess whether the factors that explain one-time victimizations differ from those that explain repeated incidents. In a seminal paper, Osborn et al. (1996) employed a "double hurdle" bivariate probit model to compare the transition probabilities from non-victim to victim and from one-time victim to repeat victim for household property crimes, but found that the predictors of first and repeated victimizations were generally the same (Osborn et al. 1996, p. 243). This finding has been influential in subsequent studies and is widely cited as a justification to use a single set of predictors to explain the entire distribution of crime incidents (e.g. Tseloni et al. 2002, p. 113;Pease and Tseloni 2014, p. 31;Tseloni and Pease 2014, p. 5).
This consensus fails to consider that the effect and relative contributions of risk heterogeneity and event dependence to repeat victimization may vary considerably across different crime types (Johnson 2008, p. 236). One of the most parsimonious explanations for event dependence draws from the fact that offenders often return to victimize past targets (Bernasco 2008;Everson and Pease 2001), suggesting that the choice of future targets is influenced by previous experience (Johnson 2014;Bernasco 2008;Johnson et al. 2009). It follows that the contribution of event dependence will likely be higher for crimes where "the effort and/or risk of a second offence is clarified by victim response to a first offence" (Farrell et al. 1995, p. 396). For example, in a study of bank robbery, Matthews et al. (2001) found that success in past robberies was positively associated with future incidents-the amount stolen in past incidents adequately predicting future risk. Thus, as extortion is a crime where success depends on a victim's willingness (reluctance) to cooperate (Best 1982, p. 109), the manner in which the victim responds may have a strong bearing on an offender's decision to repeat the offense against the same target. For example, compliance in one incident could beget further victimizations as the victim is known to be lucrative and responsive.
Furthermore, the importance of event dependence is likely to be decisive in crimes where repeated victimizations are the product of an ongoing relationship between victims and offenders, such as recurrent violent episodes framed within an abusive relationship (Biderman 1980, p. 29;Rand and Saltzman 2003). It is likely that extortion falls within this category of offenses, as repeated extortions are often characterized as an ongoing condition (Biderman 1980, p. 29;Elsenbroich and Badham 2016;Kelly et al. 2000, p. 64). Thus, concentration on repeatedly extorted targets may be unaffected by risk heterogeneity and instead indicate that such an institutionalized relationship exists. Therefore, it is conceivable that the risk factors affecting extortion prevalence may be distinct from those that affect extortion concentration, which warrants a modeling strategy that is able to differentiate such mechanisms.

A Hurdle Model of Extortion Victimization
The hurdle model (Mullahy 1986;Cameron and Trivedi 2013) is a suitable alternative for distinguishing the factors that influence prevalence from those that influence concentration. These models (unrelated to the "double hurdle" bivariate probit used by Osborn et al. 1996) combine two processes: one that generates positive counts ( ≥ 1 ) versus zero counts ( = 0 ); and another that generates only positive counts ( ≥ 1 ) (Hilbe 2011, p. 355). The first process corresponds to the prevalence risk and is usually modeled using logistic regression, whereas the second estimates concentration using a truncated count model-usually the truncated-at-zero negative binomial, as the distribution remains overdispersed (Cameron and Trivedi 2013).
An alternative is the zero-inflated model (Lambert 1992). Zero-inflated models are similar to the hurdle framework insofar as they consider that counts are produced by a mixture of two distinct mechanisms. However, these types of model were developed to handle a specific problem encountered with some data-excess zeroes (e.g. Hilbe 2011, p. 355;Park andFisher 2015, p. 1138;Tseloni and Pease 2014, p. 22). Rather than explicitly distinguishing between the processes that lead to prevalence and concentration, zero-inflated models consider that there is one process granting "immunity" to some targets, and a second that determines the incidence of victimizations that nonimmune targets experience (e.g. Park 2015; Park and Fisher 2015). Crucially, the process generating counts does not only estimate positive counts, but zero counts as well. The latter correspond to targets that, although not deemed to be statistically immune to victimization, did not experience any incidents during the period sampled. Thus, given that zero-inflated models do not explicitly distinguish prevalence from concentration, they cannot determine whether predictors are constant across both measures, and as such are unsuitable for our purposes here. Furthermore, the data used in the current study showed no signs of zero-inflation when compared to a negative binomial expectation (see the "Univariate Analysis" section), and hence would also be unsuitable for this reason.
In contrast, hurdle models first assess the risk of victimization prevalence across all targets, and then estimate the concentration of incidents experienced by victimized targets. If victimization patterns are taken as an indirect measurement of offender-decision making (Hough 1987), then the hurdle model allows us to indirectly test whether the factors that influence victim-selection decisions are distinct from those that affect the decision to target past victims. Such an interpretation would be consistent with the effect of event dependence discussed above, where the decision to commit a repeat extortion is associated with the outcome of the first extortion attempt. Similarly, the hurdle model can also be seen as a more appropriate model of an extortive relationship, with predictors for prevalence explaining the risk of being initially targeted for an extortive relationship, and the predictors for concentration explaining how much exploitation businesses can expect once the relationship has been established.
In any case, to empirically assess if extortion exhibits a pattern of repeat victimization consistent with the hurdle framework, the observed distribution of extortion must first be shown to exceed chance expectation, as some level of repeat victimization is to be expected by chance. Thus, our first hypothesis is: • H1: There are significantly more repeat extortion incidents than would be expected on the basis of random victimization.
If repeat extortion is found to be non-random-and given that the role of event dependence is expected to be more prominent in the case of extortion, and that extortion often leads to enduring victim-offender relationships-we expect that once a business is victimized, extortion concentration will not be consistently associated with the predictors of extortion prevalence.
• H2: Once a business is extorted, the predictors that explain extortion concentration are different from those that explain extortion prevalence.

Predictors of Extortion Victimization
Broadly, extortion is demanding something-such as goods, services, property and especially money-through intimidation, e.g. by threatening violence or other harms (extortion 2010; Savona and Sarno 2014; Elsenbroich and Badham 2016; extortion 2017). The extortion of businesses is often considered a quintessential activity of organized crime groups (von Lampe 2005, p. 235;Paoli 2014, p. 7;Campbell 2013, p. 32;Konrad and Skaperdas 1998, p. 462;Frazzica et al. 2013, p. 99;Schelling 1971, p. 646-647;Tilley and Hopkins 2008, p. 449). Yet, the literature on extortion has rarely been concerned with understanding the phenomenon at the incident level, focusing instead on broader manifestations of institutionalized extortion, 10 which involves "the continuous, regular and systematic extortion of several victims" (Elsenbroich and Badham 2016).
Consequently, there has been scant research on the micro-level factors associated with extortion victimization. Attention has focused instead on macro-level factors that are thought to be associated with widespread extortion ( e.g. Savona and Zanella 2010;TRANSCRIME 2009). Therefore, the literature so far makes few suggestions regarding micro-level variables that may be useful as predictors of extortion risk. In this section we provide a brief overview of the macro and micro level factors that have been thought to affect extortion victimization. It is important to note that this review does not aim to list all possible sources extortion risk, but to identify variables that may be used to test H2.

Macro-level Influences
Research on extortion by organized crime emphasizes the importance of macro, area-level influences. For example, Kleemans (2018) asserts that the level of aggregation relevant to study extortion is not "a specific point in space where an offender meets a target," but broader "territories" controlled by organized crime groups (p. 874). Though no study has examined the effect of area-level characteristics on repeat extortion, it is possible to identify three potential predictors: • Rule of law: According to protection theory (see Kleemans 2015Kleemans , 2018, extortion is an outcome of "alternative governance" structures imposed by criminal groups absent strong legitimate governance (Kleemans 2018), whereby groups "tax" businesses operating in their territories in exchange for "protection" (Gambetta 1993;Paoli 2002;Kleemans 2014;Varese 2014). Thus, a potential predictor of extortion risk at the macro-level is the "strength" of legitimate governance structures across Mexican states (Sung 2004;Skaperdas 2001). • Corruption prevalence: Researchers have also noted that the absence or presence of legitimate governance is not the only relevant variable, its quality must also be considered. Thus, studies have found that widespread predatory corruption (a marker of bad governance) may be an important predictor of increased extortion risks (e.g. Díaz-Cayeros et al. 2015;Tulyakov 2001;Morris 2013;Frye and Zhuravskaya 2000). • Nature of local organized crime groups: The term "organized crime" is an umbrella term used to group a wide variety of criminal structures, activities and extra-legal governance arrangements (von Lampe 2016; Paoli and Vander Becken 2014). In particular, not all organized crime groups engage in the same types of criminal activities. Recent research classifies Mexican criminal groups into two types: a) those that are mostly focused on drug trafficking, and b) those that are more reliant on violence and Mafiastyle "protection" markets-i.e. extortion. (Jones 2016;Corcoran 2013;Guerrero-Gutiérrez 2011). Thus, it would be expected that: (a) areas where drug trafficking-focused organized crime groups operate may be associated with lower extortion risks, and (b) areas where violent, mafia-style organized crime groups operate may be associated with higher extortion risks.

Micro-level Influences
The literature on repeat victimization has consistently found that area crime rates mask substantial within-area heterogeneity. Indeed, in the case of extortion Savona and Sarno (2014) and La Spina et al. (2014) note that victim selection is not random, but is instead guided by victim vulnerability (see also Savona 2012, p. 8). While no research exists that has systematically analyzed business-level explanations for extortion risk in the Mexican context, findings from other contexts suggest predictors for use in this study: • Corruption victimization: While corruption at the macro-level suggests an indirect relationship between the quality of governance and extortion risk, the often close relationship between organized criminals and government officials in Mexico (Díaz-Cayeros et al. 2015, p. 255-256;Morris 2013) suggests that a direct relationship between extortion and corruption victimization at the micro-level is also plausible. Alternatively, a relationship at the micro-level could be due to the presence of a variable independently affecting extortion and corruption risk-e.g. a vulnerability that separately attracts both extortionists and corrupt officials. This would be consistent with findings on multiple victimization that suggest not only that a) specific types of crime are concentrated on a small subset of targets, but also that b) those who repeatedly suffer one type of crime are more likely to suffer other types . • Business age: The literature suggests that older businesses may be somewhat protected from extortion due to long-standing ties developed in their communities (and hence with organized criminals that operate there) (Varese 2011(Varese , 2014, and that new busi-nesses may inadvertently attract organized criminals by drawing attention to themselves through opening ceremonies or advertising (Chin et al. 1992; Kelly et al. 2000;Chin et al. 1992) suggests that some business types-particularly restaurants, hotels and bars-are at especially high risk of extortion. It is assumed that these business types are particularly at risk due to being inherently vulnerable to intimidation (Schelling 1971, p. 648-649). • Business size: Several studies have found business size to influence crime risk in general and extortion in particular, however the precise mechanism behind this relationship is unclear. Gill (1998) notes that small businesses in the UK suffer disproportionally more crime, which may suggest that risk is related to victim vulnerability. Yet, there is also evidence pointing to elevated extortion risks for larger businesses (Broadhurst et al. 2011;Kelly et al. 2000), which suggests that extortionists might select victims on the basis of potential rewards. We speculate that there is a trade-off between vulnerability and profitability: while smaller business may be more vulnerable, they offer fewer potential rewards making them less attractive to extortionists.
In the next section, we discuss the data analyzed and the analytical strategy adopted.

Data
The primary data analyzed are from the 2014 sweep of Mexico's nationally representative commercial victimization survey, the Encuesta Nacional de Victimización de Empresas (ENVE, INEGI 2014c). This is, to our knowledge, the largest sample survey of business crime victimization that has been conducted hitherto and provides a rare opportunity to subject extortion patterns to systematic quantitative analysis. The survey is conducted biennially, sampling all business sectors except agriculture and the public sector. The first part of the survey, the main questionnaire, records the prevalence and incidence of crimes suffered by respondents during the previous calendar year (in this case, 2013). The victim form focuses on information concerning each incident of victimization (though capped at 7 victim forms per crime type per victim, Jaimes Bello and Vielma Orozco 2013). We analyzed responses captured in the main questionnaire, as these offer a readily available uncapped summary of victimization experiences 11 (Trickett et al. 1992;Farrell and Pease 1993). The sample consisted of 33,479 business premises stratified and randomly selected from INEGI's National Statistical Directory of Economic Units 12 (Directorio Estadístico Nacional de Unidades Económicas, DENUE, with 3.7 million units) (INEGI 2014b). Responses were collected through face-to-face interviews with the highest-ranking person in micro and small businesses, and with security or finance managers in medium and large businesses. Computer assisted telephone interviewing (CATI) was used to follow up incomplete questionnaires (Jaimes Bello and Vielma Orozco 2013), leading to a response rate of 84%.
Access to the anonymized individual responses collected by the ENVE is restricted by INEGI, as the combined characteristics of each respondent could potentially be used to infer their identity. This means that all analyses presented herein had to be performed remotely with no interactive access to the data. To overcome this constraint, all analyses were conducted using automated R scripts 13 -which provide the additional benefit of ensuring reproducibility-and remotely processed by INEGI staff in Mexico City on a Windows platform and R (R Core Development Team 2015). Downsides of this are that we had very limited control over the computational resources available (including software availability), and that analyses took longer to complete (as they could not be conducted interactively).

Dependent Variable
The dependent variable is the number of incidents of extortion 14 suffered by surveyed businesses. The prevalence rate was 80.46 victims per 1000 businesses, whereas the incidence rate was 132.77 incidents per 1000 businesses. The concentration rate was thus 1.65 extortions per victim. However, the distribution of extortion, shown in Table 1, reveals that extortion victimization is far more concentrated than such summary statistics would suggest. Repeat victims-i.e., businesses that suffered two or more extortion incidents in 2013constituted 2% of all respondents (27% of victims) but accounted for 56% of all extortion incidents. Businesses that experienced three or more incidents amounted to less than 1% of the sample (12% of victims), yet suffered 38% of all incidents of extortion. Moreover, the distribution clearly exhibits overdispersion (Cameron and Trivedi 2013, p. 4), with its variance ( 0.547 ) being more than four times larger than its mean ( 0.133).
It is also relevant to note that the tail of the distribution in Table 1 exhibits a clustering of responses at 10 events, with responses for greater counts occurring only at multiples of 5 or 6. As (Farrell and Pease 2007, p. 45) note, such clustering is ubiquitous in victimization studies and reflects respondents' tendency to estimate high frequency event counts around likely reference points (such as multiples of 5 or 10 for the decimal system, or of 6 and 12 for the calendar year). It is generally assumed that some victims are victimized so often that they must use heuristics to estimate the amount of victimization incidents experienced. This reflects the well-known just noticeable difference phenomenon (Farrell and Pease 2007), also known as difference threshold (Colman 2015). While this effect does introduce some potential measurement error, it is important to note that such victim estimation 13 Available upon request. 14 The ENVE defines extortion as "any kind of threat or coercion committed against the local unit's owner or staff for the purpose of obtaining money, goods or forcing them to do or stop doing something" (Jaimes Bello and Vielma Orozco 2013, p. 172). This definition is similar to that adopted by Chin et al. (1992) in a victimization survey of businesses in New York "Chinatowns," insofar as it treats "demanding money or the provision of goods and services to avoid violence or harassment" as the working definition of extortion (p. 629). Given that only licit-i.e. officially registered-businesses were sampled, this study does not consider extortions committed against informal-i.e. unregistered-businesses, or those against other criminal actors.
Alternatively, such clustering may be explained by institutionalized racketeering, as is expected in the case of organised crime-related extortion. In such contexts, businesses could be expected to pay extortion demands at regular intervals (e.g. monthly, fortnightly, weekly), and would thus also cluster at said intervals. As INEGI (2014c, p. 29) notes, if a business is extorted weekly the survey would capture 52 incidents, a figure not much greater than the maximum event count observed in Table 1. Considering the state-level distribution of extortion (see panels A and B in Fig. 1), it is evident that extortion is not uniformly distributed across the country. Notably, the state distribution of the prevalence of extortion (panel A) is not the same as that of its concentration (panel B). This would suggest that states where becoming the victim of extortion is more likely are not necessarily the same where repeat extortion victimization is more frequent. To explore this further, we examined the bivariate relationship between state-level prevalence and concentration (see Fig. 2). The analysis suggested that there was no statistically significant association between extortion prevalence and concentration at the state level ( R = −0.086 , p = 0.64 ), which supports the view that prevalence and extortion are fueled by distinct processes (at least at the state level). 15

Independent Variables
Given the potential predictors identified in an earlier section, four macro-level variables measured at the state level (corruption prevalence (log), federal weapon crimes (log), federal drug crimes (log), and rule of law), and four micro-level variables measured at the level of individual business units (corruption victimizations, years in business, business type, and business size) were operationalized as independent variables. We included three additional macro-level variables (number of surveyed businesses (log), population (log) and competitiveness 16 ) as controls. Table 2 presents descriptive statistics for the independent variables, while Fig. 1 presents a series of thematic maps summarizing how these variables, as well as key indicators of extortion, vary across Mexico.
Macro-level variables • Rule of law: To measure the strength of the legitimate governance structure, we used a rule of law index obtained from the Mexican Institute for Competitiveness (Instituto Mexicano para la Competitividad, IMCO 2016), a think tank. 17 • Corruption prevalence: Measures the number of businesses in a state that reported being the victim of corruption in the ENVE. 15 In contrast, see (Sidebottom 2013, p. 154-155) for a positive and statistically significant relationship between area-level prevalence and concentration of burglary victimization in Malawi, which suggests that at least some of the area-level factors affecting burglary victimization in that country also affect the number of repeat burglaries suffered. 16 We used a modified version of IMCO's competitiveness index that assesses states on a 100 point scale (higher is better) according to their 2013 performance in nine subindices measuring business friendliness. The version we used excluded the rule of law component as this is used as a dependent variable. 17 We used a revised version of the index grading states on a 100 point scale (higher is better) based on 2013 measures of kidnapping incidence, vehicle theft, costs of crime, total personal and household crime incidence, the dark figure, fear of crime, availability of notaries, and contract enforcement. We excluded homicide rates from the revised index, as these were collinear with our other independent variables.
•  (2015). This variable serves as a proxy measurement of organized crime groups' capacity to inflict violence, as such crimes refer to those involving high-powered weapons-as well as seizures of such weapons and ammunition-traditionally associated with organized crime groups.

Micro-level variables
• Corruption victimizations: Captured as counts in the ENVE by the question: "In total, how many separate acts of corruption did you suffer during 2013?" (INEGI 2014d). An act of corruption refers to a situation where a public servant-or a third party acting on their behalf-directly asked for, suggested, or set the conditions for the payment of a bribe by the business (Jaimes Bello and Vielma Orozco 2013; INEGI 2014d). • Years in business: Calculated by subtracting the year respondents reported that their business started operations from the survey reference year (i.e. 2013). As our interest is modeling the effect of being a new business in comparison to older businesses, rather than the effect of an additional year in business, nominal categories were considered more appropriate. Thus, businesses were binned into quintiles from the 20% youngest to the 20% oldest.

Analytical Strategy
Our analysis was conducted in two parts. First, using an implementation of the Kolmogorov-Smirnov test (KS test, Upton and Cook 2014a) for discrete distributions proposed by Arnold and Emerson (2011), we assessed H1 by comparing the observed distribution of extortion to that expected under the null hypothesis of random victimization-the latter estimated by a Monte Carlo simulation of a Poisson process with 500 replicates. Additionally, to assess if the observed distribution presented more zeroes than expected, we compared the observed prevalence to that expected under simulated Poisson and negative binomial distributions using contingency tables. Next, we used statistical modeling to assess H2. The standard model used to estimate victimization counts is the multilevel negative binomial 20 model (MNB) (Tseloni and Farrell 2002). Considering y ij is the count of extortion victimizations suffered by the ith business, in the jth state, and that x ′ ij is a vector of covariates thought to determine y ij , the MNB model for the mean of event counts, E[y ij |x � ij ] = ij , can be represented by: where 0 is the intercept, and 1 is a vector of fixed regression coefficients that quantify the relationship between x ′ ij and ln( ij ) . u 0j is the random variation in 0 associated with each state j , and ij is a gamma distributed error term that incorporates overdispersion via the parameter (see Cameron and Trivedi 2013;Tseloni and Farrell 2002;Hilbe 2011). The probability function of the MNB model (see Cameron and Trivedi 2013;Hilbe 2011, ) is given by: (1) The categories are, in industry: mining, construction, and manufacturing; in commerce: retail and wholesale; in services: transport, media, finance and insurance, real estate, professional scientific and technical services, maintenance providers, education, health, leisure, restaurants, hotels and bars, and other services. Observations corresponding to 18 businesses classified as utilities and corporate offices were excluded as there were problems of complete and quasi-complete separation. 19 Micro businesses have 10 employees or fewer; small businesses employ between 11 and 50 people (11-30 in commerce); medium businesses employ between 51 and 250 in industry, 31-100 in commerce, and 51 to 100 in services; large businesses are those with 101 or more employees (251 or more in industry). 20 We used the standard NB2 formulation of the negative binomial variance function, 2 ij = ij + 2 ij (Cameron and Trivedi 2013).
When → 0 , the probability function collapses to the Poisson (Cameron and Trivedi 2013, p. 85), meaning that there is no business-level unexplained heterogeneity. Conversely as becomes larger, unexplained heterogeneity between businesses increases. Heterogeneity at the state level is captured by 2 u 0 , and the formula = 2 u 0 ∕( 2 u 0 + ) , allows the calculation of the intra-class correlation (ICC), which represents the correlation of the mean of extortion incidents between two identical businesses in the same state (see Goldstein 2011;Tseloni and Farrell 2002). Conversely, the inverse of the ICC, 1 − , represents the probability of two identical businesses anywhere in the country experiencing the same number of extortion victimizations, after controlling for between-state differences.
We hypothesized (H2) that extortion concentration is produced by a process different from that which generates extortion prevalence, thus the MNB model is unsuitable for our purposes-as it uses the same probability function (Eq. 2) for all values of y . The multilevel negative binomial-logit hurdle model (MNB-LH), in contrast, is a suitable alternative. The fundamental logic underpinning hurdle models (Mullahy 1986) is that they allow the specification of distinct probability functions for observations where y = 0 , and y > 0 (Cameron and Trivedi 2013): where f 1 (0) is the probability of observing a zero count. If the hurdle is crossed (if y > 0 ), the truncated count density is given by f 2 (y)∕(1 − f 2 (0)) , which needs to be multiplied by 1 − f 1 (0) to ensure that probabilities sum to one (Cameron and Trivedi 2013). In practice, f 1 (⋅) can be estimated using the logit model, specified in its multilevel form (Goldstein 2011) as such: where 0 is the intercept for the binary model, 1 is a vector of fixed coefficients that quantify the relationship between x ′ ij and ln( ij ) , and v 0j represents the random variation in 0 associated with each state j . The probability of observing zero ( f 1 (0) ) is given by (Hilbe 2011): and the probability of crossing the hurdle ( 1 − f 1 (0) ) is thus (Hilbe 2011): Taking the standard negative binomial density in Eq. 2 as f 2 (⋅) , the truncated density needs to be rescaled as shown in Eq. 3. The f 2 (0) density is (1 − ij ) −1∕ (Hilbe 2011), and 1 − f 1 (0) is shown in Eq. 6. Thus, the multilevel truncated negative binomial density for y ij > 0 is: where ij is estimated using Eq. 1 and restricting y ij > 0 . The complete multilevel negative binomial-logit hurdle model is therefore: An advantage of the hurdle model is that its components (the prevalence and truncated count models) can be estimated separately. However, when observations are clustered and random effects are used, as in the multilevel approach used here, the two stage estimation procedure assumes that group random effects for prevalence and concentration ( v 0j and u 0j , respectively) are independent, when in fact they may be correlated (Min and Agresti 2005). This situation would arise when unobserved differences between states affect state-level prevalence and concentration in the same way, and could bias the results if not addressed. In response, Min and Agresti (2005) suggest fitting the hurdle model with random effects following a bivariate normal distribution and estimating the model via approximations (see also Cantoni et al. 2017).
Unfortunately, the software available at INEGI did not permit the fitting of a hurdle model with bivariate normal random effects. While this could potentially lead to some bias in the estimates, (Cantoni et al. 2017, p. 2191) note that estimated coefficients and standard errors are generally robust to this misspecification (see also McCulloch and Neuhaus 2011). Furthermore, Cantoni et al. (2017) note that when there is no correlation between cluster prevalence and concentration, estimates from independently estimated hurdle models are unbiased. As discussed in the "Dependent Variable" section, we found no relationship between prevalence and concentration of extortion at the state level, thus the assumption of correlated random effectcs can be relaxed and the independent hurdle approach used can be judged as appropriate.
All models were estimated using the "glmmADMB" package (Fournier et al. 2012;Bolker et al. 2012). We estimated the standard MNB model as a baseline to compare the estimates of the MNB-LH model. The MNB-LH model was estimated separately, with a multilevel logit (ML) estimating the likelihood of observing a victimization incident, and a multilevel truncated negative binomial (MTNB) estimating the expected concentration among victimized targets. Model significance of each individual model (MNB, ML and MTNB) was assessed using likelihood ratio tests (Cameron and Trivedi 2013, p. 49;Hilbe 2011, p. 177). Given that MNB and MNB-LH models are not nested-and hence not suitable for comparison using likelihood ratio teststhey were compared using the Akaike (AIC) and Bayesian (BIC) information criteria (Cameron and Trivedi 2013, p. 197), with lower values indicating a better model. AIC and BIC estimates for the hurdle model were calculated by adding the AIC and BIC estimates of the constituent models (Hilbe 2014, e.g. AIC MNB-LH = AIC ML + AIC MTNB ; see][p. 188). Table 1 shows the distribution of crimes across targets. This can also be displayed using Lorenz curves (Upton and Cook 2014b), which show the cumulative share of crime experienced by the cumulative share of the population that experiences them . If crime is evenly distributed, the Lorenz curve will approximate the line of equality shown in the figure. Deviation from this indicates that crime is unequally distributed (Tseloni and Pease 2005, p. 77). Figure 3 shows Lorenz curves for the observed and expected distributions, the latter being the distribution of the simulated replicates. The panel on the left shows that both observed and expected frequencies are highly concentrated among all businesses, which is to be expected given than the vast majority of businesses were not extorted. The right-hand panel, however, shows the distribution for victimized businesses-thus representing repeat victimization. The curve of the expected distribution is very close to the line of equality, while the curve of the observed distribution exhibits far more concentration. Crucially, a KS test ( D = 0.044 , p < 0.001 ) confirmed that the differences between the distributions are statistically significant-there is more repeat victimization than that expected under random victimization.

Univariate Analysis
Lastly, considering the shape of the statistical distribution, Table 3 and Fig. 4 show that there are more zeros that would be expected assuming a Poisson distribution ( 2 = 498.2 , df = 1, p < 0.001 ). However, after taking account of overdispersion by modeling a negative binomial distribution, there were no significant differences between the number of observed and expected zeroes ( 2 = 0.17 , df = 1, p = 0.68 ), hence the modeling strategy does not need to account for zero-inflation. Table 4 presents model statistics for null and fully specified versions of estimated models. Goodness of fit was assessed using likelihood ratio tests. Fully specified models were found to be significantly different from null models. Multilevel specifications significantly improved fit when compared to single-level models. Similarly, the MNB and MTNB models proved a significant improvement over Poisson and truncated Poisson models. AIC and BIC values for the hurdle model were smaller than for the MNB model ( AIC MNB−LH − AIC MNB = −219 , and BIC MNB−LH − BIC MNB = −38 ), which suggests that the hurdle model of extortion victimization is more appropriate. The table also presents estimates for state-level variance, the parameter, and the intra-class correlation (ICC), which are discussed in detail in a later section.

Statistical Modeling
Lastly, multi-collinearity was not deemed to be significant, as generalized variance inflation factors (Fox and Monette 1992, GVIF,][) were quite small (see Table 5). As (Fox and Monette 1992, p. 180) note, to preserve comparability inflation factors must be scaled by the amount of categories in categorical predictors. Adjusting for this, the largest value in column GVIF 1∕2df is 2.08-well within the thresholds that many practitioners regard as a sign of severe multi-collinearity 21 (O'brien 2007). For count MNB and MTNB models, the exponentiated estimates represent incidence rate ratios (IRR, Hilbe 2014, p. 60), whereas for the binary ML model they represent odds ratios (OR, Weisburd and Britt 2014, p. 568). Subtracting 1 from the IRR ( IRR − 1 ) gives the percentage change on the concentration of extortion victimization for a one unit increase in the independent variable, while OR − 1 gives the percentage change in the prevalence risk. For categorical independent variables, the percentage change is relative to the reference category. IRRs and ORs for log transformed independent variables 23 represent change for a 10% increase in the independent variable (given by 1.10 and 1.10 ).

Macro-level Effects
Overall, the associations between extortion and state-level variables were quite weak. Moreover, the associations were inconsistent for the prevalence and concentration components, as no state-level variable was significant in the count part (MTNB) of the hurdle model. Thus, the associations in the MNB model appear to reflect differences in prevalence risk captured by the ML model, rather than a state-level effect on repeat extortion victimization.
All else being equal, the ML model found that a 10% increase in the number of corruption victims in a state was associated with a 5% increase in the likelihood of a business becoming a victim of extortion. Similarly, a 10% increase in the number of federal weapon crimes in a state, was associated with a 4% increase in extortion prevalence risks. In contrast, a 10% increase in the number of federal drug crimes in a state was associated with a 2% reduction in the likelihood of a business becoming a victim of extortion. Lastly, differences in the rule of law index between states showed no association with extortion risks. 22 Raw model estimates can be found in the "Appendix". 23 Log transformed variables were centered around the log of the mean.

Micro-level Effects
Business-level effects were also inconsistently associated across the components of the hurdle model, with the exception of corruption victimizations and being a micro-sized business.  The MNB model indicates that a one unit increase in the number of corruption victimizations experienced by a business increases the number of extortion victimizations a business can expect by 32%. The hurdle components suggest that the effect of corruption victimizations is consistent for both the prevalence and concentration of extortion. The ML model suggests that a one unit increase in the number of corruption victimizations increases the likelihood of becoming a victim of extortion by 12%, whereas the MTNB model suggests that it increases the number of repeat extortions expected by extorted businesses by 15%.
Business size categories had contrasting effects for the prevalence and concentration components. Results from the MNB model suggest that micro-sized businesses suffer an average of 50% fewer extortion incidents than large businesses (the reference category). The insignificant coefficients for small and medium-sized businesses in the MNB model suggest that they suffer extortion victimization at the same rate as large businesses. However, the results of the hurdle model paint a more nuanced picture. The effect of being a micro-sized business is consistent across the hurdle: they are 30% less likely to become victims of extortion, and experience 66% fewer extortion repeats if victimized. On the other hand, small businesses face a 42% higher risk of becoming a victim of extortion, yet they experience 52% fewer extortion repeats once extorted. Medium businesses also see higher risks of extortion prevalence (23%), yet they experience repeat extortion at the same rate as large businesses, as the MTNB coefficient was not significant.
With few exceptions, most business types faced no difference in extortion risks relative to retailers (the reference category), though some categories presented contrasting effects across the hurdle components. Hotels, restaurant and bars suffer 48% more extortion incidents than retailers (MNB), though the hurdle model suggested that this was mainly due to differences in the prevalence risk, rather than due to repeat victimization. The category faced a 43% higher risk of becoming a victim of extortion (ML), though it showed no significant effect in the concentration of repeat victimization (MTNB). Manufacturers, maintenance service providers, and media businesses experienced fewer extortion incidents overall (from MNB: −19 %, −27 %, and −78 %, respectively), though for manufacturers and media businesses, such Corruption victimizations Exponentiated estimates and 95% C.I.

Fig. 5
Forest plot with exponentiated results from the models. Significance: * * * p < 0.001 , * * p < 0.01 , * p < 0.05 differences were apparently due to a lower risk of becoming victims (from ML: −16 % and −70 % respectively), as they did not suffer differential rates of repeat extortion according to MTNB estimates. On the other hand, the opposite appears to be true for maintenance service providers, whose odd ratios were not significantly different from 1, though they experienced 60% less repeat extortion than retailers. Lastly, while overall MNB and ML estimates did not reveal significant differences between retailers and transport providers, MTNB estimates suggest that once victimized, transport providers experienced 51% fewer repeats.
Business age also showed a contrasting effect across the components of the hurdle model. Though the MNB model showed a positive and significant effect for all age categories, the hurdle model suggests that this is due to changes in prevalence risk. According to estimates from the ML model, businesses aged 6-9, 10-14, 15-23, and 24 years or more are 39%, 43%, 56%, and 42% respectively more likely to become victims of extortion, when compared with businesses that had been in operation for 5 years or fewer (the reference category). However, once victimized, business age categories had no effect on the expected concentration of repeat extortion, as the coefficients in MTNB were not significant.

Unobserved Heterogeneity
Unobserved heterogeneity refers to differences in extortion victimization that remain unexplained by the independent variables in the study. Between-business unobserved heterogeneity ( in Table 4) arises when two identical businesses-in terms of those characteristics included in the model-suffer unexplained differences in extortion incidence. The independent variables selected reduced individual unobserved heterogeneity by 18%, from null = 9.12 in MNB, to = 7.48 in the fully specified MNB model. The relatively high value of unexplained heterogeneity that remains suggests that there are factors not included in the model that clearly influence extortion concentration. Such variables could relate to risk heterogeneity or event dependence, though it is not possible to tell with this model. On the other hand, the very substantive amount of unobserved heterogeneity in the count part of the hurdle model ( = 148.41 in MTNB), which was essentially unaffected by the inclusion of explanatory variables associated with risk heterogeneity, suggests that an alternative process, such as event dependence, may be responsible.
In contrast, unobserved heterogeneity between states ( 2 in Table 4) refers to differences in extortion risk faced by businesses in different states, after controlling for the variables specified in the model. In the MNB model, level 2 variance is reduced significantly by the inclusion of independent variables ( −65 %, from 2 u 0 null = 0.23 to 2 u 0 = 0.08 ). The hurdle model, suggests that much of this reduction is due to differences in the risk of extortion prevalence, rather than in repeat victimization, as the ML models saw reductions of 64% (from 2 u 0 null = 0.25 to 2 u 0 = 0.09 ) and the MTNB models reduced between-states unobserved heterogeneity by 32% ( 2 u 0 null = 0.31 to 2 u 0 = 0.21). Both the MNB and the MTNB models suggest that the intra-state correlations (ICC in Table 4) are very small, and that between-businesses variations are more relevant. When comparing all businesses, the ICC for MNB suggests that the probability of two identical businesses-in terms of the variables included in the model-experiencing the same extortion incidence due to being in the same state was only 1%. Conversely, the probability of two identical businesses experiencing the same number of extortion victimizations, after controlling for between-state differences, was 99% ( 1 − ICC ). For repeat victimization, the MTNB model suggests that this probability was 99.9%.

Robustness Checks
We performed a series of post hoc analyses to check the robustness of our results. First we calculated bootstrap standard errors for all models. To do this, we randomly sampled with replacement n business units 99 times, fitted models to each sample, and calculated the standard error of the bootstrap coefficient estimates. Then, we fitted a further round of models to a subset of data excluding observations with 30 or more extortions, to rule out a potential outlier effect. Figure 6 presents a graphical comparison of coefficient estimates and confidence intervals for the original models and post hoc robustness checks. Complete results tables are available in the "Appendix".
Post hoc estimates were remarkably consistent with those of the original model. For all models, bootstrap standard errors for business-level variables were only marginally different from the original models, with no changes in inference. Bootstrap standard errors for state-level variables were consistently smaller, though the changes only affected inference for control variables, with the exception of drug crimes in the MTNB model. Similarly, the magnitude and significance of parameters from models excluding outliers were very similar to those of the original model, with no changes in inference, except for the coefficient for drug crimes in the MTNB model.
Post hoc checks for unobserved heterogeneity were similarly consistent with original estimates. In the MNB model, business-level unobserved heterogeneity ( ) decreased a marginal amount after excluding outliers, while it remained virtually unchanged in the MTNB model. Similarly, state-level heterogeneity ( 2 ) was largely unaffected after excluding outliers in all models.

Discussion
This study set out to systematically examine victimization patterns of extortion against businesses in Mexico to determine if incidents concentrate on repeat victims, and to explore if the factors that explain the risk of becoming a victim of extortion also explain the concentration of repeat extortion victimization.
Using data from Mexico's commercial victimization survey, extortion incidents were found to concentrate above what would be expected by chance (H1), with repeat extortion victims suffering a disproportionate amount of total crime incidents-patterns consistent with findings on repeat victimization for most crime types in many countries (e.g. Farrell and Pease 2011;Farrell et al. 2005). In all, there were more repeat extortion victims than one-time victims, and close to 40% of all incidents were repetitions.
The literature on repeat victimization has traditionally considered that the factors that explain the prevalence of victimization also account for its concentration (e.g Pease and Tseloni 2014, p. 31). However, given that the role of event dependence may be more prominent in determining the risk of repeat victimization in the case of extortion, and that extortion often leads to enduring victim-offender relationships, we hypothesized that the factors that explain extortion concentration would be distinct from those that explain extortion prevalence (H2).
Using a multilevel negative binomial-logit hurdle model, we found support for H2. Overall, only two independent variables (corruption victimization and being a micro-sized business) showed a consistent effect for both prevalence and concentration. Most variables showed inconsistent effects (e.g., a positive effect for prevalence but a not significant effect for concentration), though some presented contradictory ones (i.e., a positive effect for prevalence and a negative effect for concentration). 24 The literature on protection theory (e.g. Kleemans 2018) suggests that area-level effects would likely be more relevant for extortion risks as opposed to specific factors associated with individual businesses. Our findings mostly contradicted this, as state-level variables were only marginally relevant for predicting extortion prevalence (with the exception of drug crimes, which post hoc checks suggested were significantly associated with extortion concentration). Notably, the direction of the effects of the significant variables did fit with theoretical expectations: Businesses in states with more corruption (and hence with poorer governance), and with more weapon-related crimes (and hence with more violence-prone organized crime groups) experienced a higher risk of becoming victims of extortion, while businesses in states with more drug trafficking activity faced lower risks of becoming victims of extortion, and less concentration if victimized. Unobserved state-level heterogeneity for extortion prevalence was comparatively smaller than for extortion concentration, though the latter was dwarfed by the residual between-business unexplained heterogeneity. This suggests that any area-level explanations for repeat extortion are unlikely to be found at the state level, and instead may be explained by variables measured at sub-state level (e.g. municipality, city, neighborhood).
Business-level effects proved to be far more important in explaining extortion risks, though they mostly affected extortion prevalence rather than concentration. We hypothesized that an association at the micro-level between corruption and extortion could be explained by direct relationships between extortionists and corrupt officials in Mexicoa link documented in the literature (Díaz-Cayeros et al. 2015;Morris 2013). While our analysis cannot refute the possibility of a spurious relationship (e.g. that extortionists and corrupt officials are attracted to the same kind of businesses), the fact that corruption victimization increases the likelihood of becoming a victim of extortion and the amount of repeat extortion incidents that businesses suffer once they have been extorted suggests that the relationship is substantive and robust. Nonetheless, having established that an association exists, exploring this issue further would seem to be important for future work.
Business size categories showed inconsistent relationships for prevalence and concentration components-with the exception of micro sized businesses which were consistently less likely to be extorted, and suffered fewer repeats once victimized. Small businesses were more likely to be extorted than large businesses (possibly due to their relative vulnerability), though they suffered significantly fewer repeat victimizations thereafter (as potential rewards were possibly clarified following the first offense). Similarly, the higher 24 Such inconsistencies of direction, magnitude and significance in the predictors may appear surprising, but they are in fact common findings in studies using hurdle models. For example, in a seminal study using a hurdle model to analyze healthcare utilization in Germany, Pohlmeier and Ulrich (1995) found that many of the predictors for the prevalence of visiting a physician were inconsistent with the predictors of the amount of visits by patients with at least one visit, indicating that prevalence and concentration of healthcare utilization were fueled by distinct processes. Similar inconsistencies across hurdle components can be found in studies of healthcare utilization in Mexico (Brown et al. 2005), workplace training (Arulampalam and Booth 1997), intimate partner violence (Hellemans et al. 2015), and sentencing decisions (Rydberg et al. 2017), for example. prevalence risk for medium businesses suggests more inherent vulnerability, though the similar rates of repeat extortion suggest less variability regarding potential rewards.
As expected, hotels, restaurants and bars did experience higher risks of extortion, though they did not experience more repeat incidents. The lower prevalence risks amongst manufacturers may point to accessibility as an additional factor influencing vulnerability to extortion: manufacturers tend to interact mostly with other businesses, while hotels, restaurants and bars are generally open to the public, and thus are naturally easier to access for extortionists. In contrast, the lower prevalence risk for media businesses may be related to risks perceived by extortionists, as extorting a news outlet such as a newspaper or a television station could lead to exposure. Results also showed that after being victimized once, most business types experienced similar rates of repeat extortion, apart from maintenance and transport service providers, which experienced less repeat extortion. We believe that such negative relationship may be related to factors affecting event dependence, such as victim response to the first offense (Farrell et al. 1995, p. 396). For example, transport providers may decide to avoid certain routes on which they have been previously victimized.
Contrary to our expectations, new businesses (those with 5 or fewer years in operation) experienced substantially lower risks of becoming victims of extortion, though age was not associated with extortion concentration. We speculate that the association may be explained by target visibility, rather than by an inherent attractiveness or vulnerability linked to businesses' age. All else being equal, new businesses may face lower risks because they are less likely be known by offenders-i.e. they are less likely to feature in an offender's awareness space (Brantingham and Brantingham 2011)-and "offenders can only commit crimes against targets of which they are aware" (Hepenstal and Johnson 2010, p. 266). However, once a business is victimized (and thus known to offenders), businesses appear to be equally vulnerable and attractive to extortionists regardless of how long they have been in business.
An important advantage of the hurdle model is that it allows clarifying the role of between-business unobserved heterogeneity for overall extortion risks (captured by the MNB model) and for the specific risks of extortion concentration (captured by the MTNB model). Many significant business-level predictors in the MNB model were in fact capturing differences in the prevalence risk, rather than in the risks of repeat extortion. Similarly, the between-business unobserved heterogeneity in MNB captures unexplained differences in both prevalence and concentration risks. By restricting observations to extortion victims, the between-business unobserved heterogeneity reported in the MTNB model refers only to unexplained differences in (repeat) extortion concentration. The high value of betweenbusiness unobserved heterogeneity, and the fact that it was unaffected by the inclusion of predictors, strongly support the hypothesis that (repeat) extortion concentration is fueled by a process distinct from that which explains extortion prevalence. We believe that this process is likely to be related to event dependence. As mentioned earlier, repeats are often associated with how victims respond to an initial event. Thus, if an initial extortion event were successful (in the offender's view), it may lead to further extortion incidents in the future, as the victim is known to comply. This would be similar to the case of bank robbery, where success in past events has been found to be positively associated with suffering a repeat robbery (Matthews et al. 2001). On the other hand, in the case of extortion the relationship between past success and future risk could also be negative, as refusal to comply with an extortion attempt could lead repeated (and escalating) threats, especially if these occur in the context of an institutionalized extortion relationship-such as those observed in organized crime-related extortion rackets. However, we were unable to test whether the outcomes of previous events were associated with repeat extortion, as the data used in this study cannot clarify this. However, this certainly appears to be a relevant area for future research, should the necessary data become available.
As discussed in section "A hurdle model of extortion victimization," it is important to remember that model choice was primarily driven by study design: our main hypothesis required the use of a two-stage model that allowed us to test whether the predictors of the prevalence of extortion victimization were consistent with the predictors of its concentration. As Rose et al. (2006) discuss, choosing the "best" modeling approach when dealing with overdispersed count data should be based on a study's aim and purpose, as models fit using zero-inflated and hurdle frameworks can sometimes be indistinguishable (see also Gray 2005). Thus, while alternative model frameworks (e.g. as zero-inflated models, or variations of the hurdle components used such as modeling concentration using a mixture of truncated counts) may also prove suitable to model extortion data, we did not consider their use to be within the scope of this study. This would certainly appear to be an important avenue for future research.
There are, of course, other limitations to the present study. Chief amongst them is the validity of using victimization surveys to measure extortion against businesses. Di Gennaro and La Spina (2016;see also La Spina 2008;La Spina et al. 2014) suggest that victimization surveys are not reliable instruments to measure extortion (p. 4), though it is worth noting that their criticism is based on Italian victimization surveys, particularly one by Confcommercio- GFK Eurisko (2007), and another by TRANSCRIME (Mugellini 2012). Their main contention is that the surveys' low response rates (6.3% and 14%, respectively) lead to self-selected samples unlikely to produce reliable outcomes (Di Gennaro and La Spina 2016, p. 4). Additionally, Asmundo and Lisciandra (2008) note that "victims of extortion are unlikely to come forward as such" in victimization surveys (p. 227). They ascribe this reticence to the fact that for many Italian-and especially Sicilian-businesses, "extortion is considered as 'normal' and made endogenous by the economic and social system, as an (ordinary) component of production costs," and as such it loses its "criminal profile" (Asmundo and Lisciandra 2008, p. 227)-i.e. they do not consider themselves victimized.
We find little evidence of these limitations in Mexico. First, the response rate for the ENVE's random sample was much higher at 84% (Jaimes Bello and Vielma Orozco 2013), which should assuage fears of self-selection affecting measurement validity. Second, there is no evidence of a process of extortion "endogenisation" (Asmundo and Lisciandra 2008) in Mexico; in fact, the opposite appears to be true. Faced with increases in extortion and other organized crime related violence, the response from the business community in Mexico has ranged from vociferous protest, to proactive involvement in the improvement of public security institutions (Shirk et al. 2014). For example, in Monterrey businesses spearheaded, and funded the creation of a new state police force in association with universities and civil society (Conger 2014). Thus, we find little reason to believe that businesses in Mexico would systematically refuse to provide truthful answers regarding their extortion victimization experiences to the ENVE. As such, we believe that the extortion estimates captured by the ENVE suffer no more than the well-known measurement limitations shared by all well conducted victimization surveys ( see Lynch 2006, p. 245;Skogan 1986; UNODC/UNECE 2010).
Lastly, other important limitations refer to the temporal horizon imposed by the cross-sectional design based on a 1 year period. First, by collapsing the temporal scale to 1 year, the study cannot capture the time-course of repeat victimization (Johnson et al. 1997)-i.e. it cannot measure how extortion risks change immediately after a victimization incident. Second, the reference period artificially imposes a time-window on repeat victimization-i.e. some extortions early in the period may be repeats of extortions that took place before the period began and some extortions at the end of the period may have repeats after it ends-which would lead to an undercounting of repeat victimization (Farrell and Pease 1993, p. 19). Such limitations are difficult to overcome with the current data, though perhaps future iterations of the ENVE could incorporate an "embedded panel" (Hopkins and Tilley 2001) to address some temporal variation.
In conclusion, this study applied a novel modeling strategy-the multilevel negative binomial-logit hurdle model-to identify whether the processes that lead to extortion prevalence are the same as those that lead to extortion concentration, as tends to be considered in the repeat victimization literature. The findings support the use of the hurdle model over the negative binomial model. Thus, studies on crimes where repeats are thought to be strongly influenced by event dependence mechanisms (such as domestic violence), would do well to test whether the hurdle model is a better fit. Furthermore, the study expands the crime concentration literature by focusing on a non-traditional crime type (extortion) in a new context (Mexico). Findings highlight areas that need to be researched further. These include, for example, analyzing area-level effects at smaller spatial resolutions, and directly discriminating between risk heterogeneity and event dependence as sources of risk for repeat extortion using longitudinal data. In addition, a follow up qualitative study of the most chronically victimized studies would further enhance our understanding of repeat extortion victimization. Hopefully, subsequent studies will find in this paper a useful starting point to build upon and develop finer insights. Table 6 Model estimates (log scale) and robustness checks for multilevel negative binomial (MNB) models * * * p < 0.001 , * * p < 0.01 , * p < 0.05 . Bootstrap repetitions: 99