Open source software doesn't generally have a company behind it that you can obtain support from via a contract. Some do, but a small, but dedicated library that your entire company relies on? Probably not.
Additionally, there's some perception that paying for software results in a better product than paying zero, which is an intuition from the adage "you pay for what you get". Programmers and users of open source software generally believe the opposite, but executives and middle managers are in a completely different headspace from the workers that produce and use these products.
There is one aspect of that which is true: If upstream breaks your product, you have to figure it out. You can't (or at least shouldn't) just yell at some company upstream and hope they unbreak things. So, the support costs become the company's costs, and who knows how much those costs actually are if you aren't ready to track such thing?
False, many open source projects have companies behind them that provide enterprise hosting amd support. MongoDB, Android, Chromium, Hashicorp, GraphQL, Kubernetes and many many more.
I think that the above companies/projects speak for themselves on this point.
A lot of the time, if companies are to rely on upstream code, they contribute to the upstream. None of the companies that I have ever worked for do major upgrades before stable candidates are out. My company presently doesn't move to a new release until SemVer x.2 (at a minimum, unless there is a critical vulerability that has been patched).
Take a survey of all open source projects. Then find the proportion that have a company behind them trying to sell an enterprise solution. To make this easier, only look on something like the npm repository.