Since they control the rendering, they can shut it off by not hyperlinking the link or displaying a warning next to it, they don't need to put an always-on tracking mechanism in place that sends them click data even when the link is not determined to be malware.
I imagine that many organizations would like to know which of their employees did click a link that turns out to be malicious, so that the company can check those employees' computers for malware. Tracking could be useful for determining the severity of the damage done by a successful phishing attack.
And, of course, tracking.