One reason is that it makes ISO 27001 compliance harder.
I don’t know the details (maybe someone who does can add more info), but it was the reason my last employer gave me a mac when I asked for a Linux laptop.
If you are going to exceed ISO standards you are going to have to be familiar with them.
It's even better if you know how to outperform them before they arise.
If official conformation is required, lots of times this is designed for only quite large organizations to be able to afford financially because of the undue amount of talented individuals' time it can require to be diverted away from profitable activities in a usually endlessly growing way.
If accreditation is required, it's so costly that it ends up with everything along the chain just barely passing requirements, I would say whether it was quality standards or security standards.
One thing's for sure, the chemical plants around here have had about a consistent 10X multiple in quality incidents compared to the same facilities before they implemented European standards. And the dust of the transition has been settled for a long time now. It just takes so much more effort now to achieve a much lower level of reliability. It was a slippery slope gradually over generations of operators where the decline might be noticed over one whole career, but never by a single individual in a high-turnover position (especially one subject to frequent promotion). They just used to get so much more bang for their quality buck in the ingrained way they far exceeded the standards way before the standards ever arose. The good companies didn't compromise what they had at first, and just layered on an ISO-oriented bureaucracy, but that is the most costly way to do it and over the decades the bureaucrats are going to have the strongest hierarchy against occasional cutbacks.
To truly exceed a standard you've got to have more than just barely passing abilities, and if you've got that you're in a niche where you can pick up where the others leave off.
Anybody got an idea how much it costs just to maintain a Windows system to support specialized business or industrial applications?
I would imagine there are established service operators who prosper by doing just about this alone.
So the ultimate users can smoothly utilize the kind of expensive Windows-only software that are a lot more costly than the Windows and/or Office licensing itself.
People recognize that kind of corporate environment would never be able replace Windows with Linux until there was an equivalent specialized software package that was Linux-compatible and not Windows-only. There is a lot of legacy/domain expertise here that would need to be accounted for.
The replacement for the specialized software would not have to be open-source itself, but either way there should still be opportunity to disrupt if you could make sales where the customers' total software-licensing cost immediately goes to zero. From that point forward.
Even if all you did afterward was maintain their system at the same cost their previous Windows-maintainers were doing, and prosper the same way they are doing now, it could be pretty good and better than making no sales at all to otherwise impenetrable customers.
Another good business might be to help companies make ISO 27001 compliance easier for Linux systems.
Then iterate beyond that so they have way more security than just barely passing compliance.