We examine security domains where defenders choose their security levels in the face of a possible attack by an adversary who attempts to destroy as many of them as possible. Though the attacker only selects one target, and only has a certain probability of destroying it depending on that defender’s security level, a successful attack may infect other defenders. By choosing a higher security level the defenders increase their probability of survival, but incur a higher cost of security. We assume that the adversary observes the security levels chosen by the defenders before selecting whom to attack. We show that under this assumption the defenders over-protect themselves, exhausting all their surplus, so optimal policy requires taxing security, as opposed to the subsidies recommended by alternative models for contagious attacks which do not take into account the attacker’s ability to observe the defenders’ choices.