Dr Ian Levy, technical director of the UK’s National Cyber Security Centre, made the accusation in a speech.
He said the firms played up hackers’ abilities to help them sell security hardware and services.
Overplaying hackers’ skills let the firms claim only they could defeat attackers, a practice he likened to “witchcraft”.
In a keynote speech at the Usenix Enigma security conference, Dr Levy said it was dangerous to listen only to firms that made a living from cybersecurity.
“We are allowing massively incentivised companies to define the public perception of the problem,” he is reported as saying.
He criticised security companies’ marketing materials for depicting hackers as hugely skilled masterminds and for the hyperbolic language they used to describe cyberthreats.