
Why do ECC when RSA-2048 works just fine? One argument I keep hearing is that as we keep factoring the RSA numbers we just come up with bigger ones.

Not a cryptography expert here, I don't know how to respond to these.




ECC is significantly faster than RSA at equivalent security levels. In case it isn't immediately clear: RSA-2048 doesn't provide 2048 "bits of security"; the 2048 describes the modulus size, but the security level is closer to 115 bits. A 256 bit ECC curve provides more security than a 2048 bit RSA key.

Another reason is that progress against ECC has been slower than it has against crypto in the integer mod prime groups. ECC is based on a variant of the discrete log problem that defines multiplication in a way that isn't amenable to index calculus algorithms, which are making progress against integer DLP. It may be that in the future, it won't be sufficient to steadily ramp up RSA or DH modulus sizes. ECC is thought to be more future-proof.

Finally, ECC constructions happen to be quite amenable to modern crypto protocols; it is easy to do DH with ECC, and easy to sign with ECC, and DH+signatures forms the backbone of a number of modern protocols (because it's a design that provides forward secrecy).
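
The security-level comparison in the comment above, as an added example that is not part of the thread: it estimates RSA strength from the asymptotic General Number Field Sieve cost and elliptic-curve strength from the square-root cost of Pollard's rho. Dropping the o(1) term in the GNFS formula is an assumption, so the RSA figures are rough, and the function names are made up for this example.

```python
import math

LN2 = math.log(2)

def rsa_security_bits(modulus_bits):
    """Estimated log2 of the work to factor an RSA modulus with the GNFS.

    Uses L_n[1/3, (64/9)^(1/3)] with the o(1) term dropped (an assumption),
    so the result is a rough estimate, not a standards-body figure.
    """
    ln_n = modulus_bits * LN2
    c = (64 / 9) ** (1 / 3)
    work = c * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)  # natural-log work
    return work / LN2                                       # convert to bits

def ecc_security_bits(curve_bits):
    """Generic discrete-log attacks (Pollard's rho) cost about sqrt(group order)."""
    return curve_bits / 2

def rsa_modulus_for(target_bits, lo=512, hi=65536):
    """Smallest modulus size (in bits) whose GNFS estimate reaches target_bits."""
    while lo < hi:
        mid = (lo + hi) // 2
        if rsa_security_bits(mid) >= target_bits:
            hi = mid
        else:
            lo = mid + 1
    return lo

if __name__ == "__main__":
    # RSA strength grows much more slowly than the modulus size.
    for bits in (1024, 2048, 3072, 4096):
        print(f"RSA-{bits}: ~{rsa_security_bits(bits):.0f} bits")
    # Curve strength grows linearly, so matching it with RSA gets expensive fast.
    for bits in (224, 256, 384):
        level = ecc_security_bits(bits)
        print(f"{bits}-bit curve: ~{level:.0f} bits, "
              f"matched by roughly RSA-{rsa_modulus_for(level)}")
```
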



