This is the easy part for you - you don't have to understand my reasoning. I block all traffic not needed for the business. By blocking all traffic not needed for the business I EXPOSE LESS, which puts me one step closer to not having to worry about some unknown exploit. That's all the reason for it, nothing else, simple concept - block what you don't need.
Here's another thing, and don't confuse this with my blocking ICMP, I also block all access from IP lists that resolve to various countries for other networks - for instance, if we have a mail server, inbound SMTP is filtered for content and a master block list is also applied against it for filtering email from lots of IP ranges that resolve to known geographical locations.
It's all about exposing ONLY WHAT YOU NEED and ONLY WHAT YOUR TARGET NEEDS - if you expose more than what's needed you expose yourself to exploits that you may or may not already know about.
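
The policy described in this post (drop everything the business does not need, and apply a source-range block list to inbound SMTP), modelled as an added example that is not the poster's configuration. The port 443 service, the sample ranges and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: documentation-only ranges (RFC 5737), not a real block list.
SMTP_BLOCKLIST = [ipaddress.ip_network(n)
                  for n in ("198.51.100.0/24", "203.0.113.0/25")]

# Services the business needs, keyed by (protocol, destination port).
# The value is the source block list applied to that service (empty = none).
ALLOWED_SERVICES = {
    ("tcp", 25): SMTP_BLOCKLIST,   # inbound mail, filtered by source range
    ("tcp", 443): [],              # hypothetical second needed service
}


def decide(proto, src, dport=None):
    """Return (verdict, reason) for one inbound packet; anything unknown is dropped."""
    rules = ALLOWED_SERVICES.get((proto, dport))
    if rules is None:
        return "drop", "default deny: not a needed service"
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop", "malformed source address"   # fail closed
    for net in rules:
        if addr in net:
            return "drop", f"source in block list {net}"
    return "accept", "needed service, source not listed"


if __name__ == "__main__":
    # Constructed sample traffic.
    samples = [
        ("tcp", "192.0.2.10", 25),      # needed service, unlisted source
        ("tcp", "198.51.100.7", 25),    # needed service, listed source
        ("tcp", "203.0.113.200", 25),   # just outside the /25 block
        ("tcp", "192.0.2.10", 3389),    # service nobody needs exposed
        ("icmp", "192.0.2.10", None),   # ICMP is not in the needed set
    ]
    for pkt in samples:
        print(pkt, "->", decide(*pkt))
```

Only the `ALLOWED_SERVICES` table opens anything, so a newly installed service stays unreachable until someone adds it there on purpose.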