I worked in a private company that chose to comply with SOX because they did business with public companies and planned to open an IPO. They wanted to be ready and to show other companies that they were ready. This is best explained in this article “Why Private Companies Should Not Ignore the Sarbanes-Oxley Act” (https://www.lowenstein.com/files/Publication/ef8c00a3-baf7-42b7-8a85-ed29d2cc9773/Presentation/PublicationAttachment/75d74723-2031-4080-9791-00cddcd7a3f6/WSL%20-%20PHE%20%26%20AOP%20-%20Dec%2002.pdf)
Another article also supports that private companies should use SOX: “The Bottom Line… Sarbanes-Oxley Affects Private Companies And Nonprofit Organizations, Too” (http://www.metrocorpcounsel.com/articles/5249/bottom-line-sarbanes-oxley-affects-private-companies-and-nonprofit-organizations-too)
Similar to the optional ISO900x and ISO14001 standards companies typically will opt for it since having them implemented makes them more attractive to other companies many of whom will only do business with those who are compliant.