but isn't it possible, for example, to make encrypted IPsec yourself?

Can.

Why Mrs. institutions, industrial enterprises do not spare money for such expensive equipment?

Why do bank safes use expensive locks? Is it really impossible to put the one bought in the nearest hozmage?

Because there are requirements of a bunch of information security standards that communication channels must comply with, and security gateways have such certificates. And in the state, everything should be its own, so that the enemies do not fit in, and friends remain warm, hence the state Linux and other crafts.
The same with the requirements for certification of border and public equipment - wifi from mikrotik is much cheaper and more modern than cisco - but you can’t install it at school - there is no certificate, e1 / sip gateway from yealink also works well, but the provider requires a certified cisco

There are encryption requirements. This part of the work is carried out on separate equipment.

unless it is impossible for example to make ciphered IPsec independently?

Can. Only the Continent has more opportunities than the usual IPSEC. For example, there is a dedicated Network Control Center, there are software clients such as Cisco any connect, there is the possibility of encryption according to GOST. In addition, CIPF must be certified. I recommend reading orders 21 and 17 FSTEC.

industrial enterprises do not spare money for such expensive equipment?

It is not so expensive if we compare hardware similar in functionality (but not in certificates) from Cisco / juniper.