Well the answer to that actually links convenience and security together. Corporates prefer to use "Default Permit" to ease on log file sizes and improve better traffic flow which normal users might complain if their internet traffic gets limited.

However if you are talking about security companies, banks or government agencies, they will definitely need deny most traffic for safety reasons such as malware, social engineering and other more.

Therefore to answer your question it would be due to large amount of users and traffic utilizing the proxy which corporates might incur huge costs if limiting traffic for both business and technical reasons.

There are quotes and explanation like "For example, every user input field in every single page of the application needs to be properly described to the application firewall in terms such as maximum field size, allowable data types/values, unallowable data types, etc. This drawback is exacerbated if the application firewall is “default deny.”" - Taken from https://buildsecurityin.us-cert.gov/bsi/articles/best-practices/assembly/30-BSI.html

That website seems pretty useful so have a look at it.