Dr Ian Levy, technical director of the UK's National Cyber Security Centre, made the accusation in a speech.
He said the firms played up hackers' abilities to help them sell security hardware and services.
Overplaying hackers' skills let the firms claim only they could defeat attackers, a practice he likened to "witchcraft".
In a keynote speech at the Usenix Enigma security conference, Dr Levy said it was dangerous to listen only to firms that made a living from cybersecurity.