I can assure you existing customers(non business) do still use a disproportionate amount of support. Things like feature requests, lost passwords, new user on boarding, any time anything doesn't work as the user expects, etc
As for the finances here sure it gives up some income but will also free up a lot of time for someone who is currently doing support so they could focus on other things
While this is definitely a factor I'd place the issue one more level up. Businesses typically do not prioritize security at all. This then causes an adversarial relationship. Ops team has kpi/goals to get shit done and none for doing it well or securely so understandably they don't want to "waste" time with the security team's requests. This of course assuming there is a security team at all or that the ops team isn't outsourced and gives even less of a shit what the quality/security is