Four is bcrypt's minimum cost (work factor), built into the algorithm itself by the original authors (Provos and Mazières) [in 1999][1]. The original/reference implementation is OpenBSD's, which [forces the cost to 4 if a cost less than 4 is requested][2]. The original selection of 4 was likely because a goal of Provos' local testing during development was for hashing to be sufficiently slow, [but not "too" slow][3] (this is a reply to my question from Provos himself).

So while you could compile a local version of the code yourself and override this minimum, I do not recommend it (for anything other than for curiosity / testing purposes).

bcrypt cost 4 is much too slow on modern CPUs (compared to 25 years ago!). I would consider cost 10 to be the minimum today for secure production use, and cost 12 if you can get away with it.

[1]: https://www.usenix.org/legacy/publications/library/proceedings/usenix99/full_papers/provos/provos_html/
[2]: https://github.com/openbsd/src/blob/master/lib/libc/crypt/bcrypt.c#L77
[3]: https://ioc.exchange/@nielsprovos/112406198496771352
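An added example, not part of the original answer: one way to audit stored bcrypt hash strings against a cost policy, reading the two-digit cost from the hash itself and flagging anything below the policy minimum for rehashing. The function names, the sample records and the use of 10 as `POLICY_MIN_COST` are assumptions for illustration.

```python
import re

# Modular crypt format: $2<variant>$<cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(r"\$2[abxy]?\$(\d{2})\$[./A-Za-z0-9]{53}")

ALGORITHM_MIN_COST = 4    # floor built into bcrypt
ALGORITHM_MAX_COST = 31   # largest cost the format allows
POLICY_MIN_COST = 10      # assumption: the production minimum suggested above


def parse_cost(hash_str):
    """Return the cost encoded in a bcrypt hash string, or raise ValueError."""
    m = BCRYPT_RE.fullmatch(hash_str)
    if m is None:
        raise ValueError("not a bcrypt hash string")
    cost = int(m.group(1))
    if not ALGORITHM_MIN_COST <= cost <= ALGORITHM_MAX_COST:
        raise ValueError(f"cost {cost} outside bcrypt's range")
    return cost


def audit(stored, policy_min=POLICY_MIN_COST):
    """Map each account to (cost, key-setup iterations, needs_rehash)."""
    report = {}
    for account, hash_str in stored.items():
        cost = parse_cost(hash_str)
        # Each cost increment doubles the work: iterations = 2 ** cost.
        report[account] = (cost, 2 ** cost, cost < policy_min)
    return report


# Constructed sample records: salt and digest are filler, not real hashes.
FILLER = "." * 53
SAMPLE = {
    "legacy-user": "$2a$04$" + FILLER,
    "current-user": "$2b$10$" + FILLER,
    "admin": "$2b$12$" + FILLER,
}

if __name__ == "__main__":
    for account, (cost, iters, stale) in audit(SAMPLE).items():
        action = "rehash at next login" if stale else "ok"
        print(f"{account}: cost={cost} iterations={iters} -> {action}")
```

Because the cost is stored in the hash string, a flagged account can be upgraded transparently: verify the password at login against the old hash, then store a new hash at the current policy cost.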