Because we can
The motivation for an attack can vary greatly. But simply put, you got money and information of value that the attackers want to deprive you of. Or maybe the attacker just wants to hurt or defame you in some way.
Because if you do not take appropriate steps to secure your information and that of your clients, you are committing a crime. And as such may be liable for damages, fines and legal fees. Not to mention loss of business and possible jail time.
You could, but you're not qualified or certified, nor have the extensive experience and background required to make apt decisions should the need arise. Also you won't get a nifty detailed report or meet compliance regulations.
There are several phases to a pentest and the one that consumes the most time is reconnaissance or footprinting. This is the phase where we gather as much information as possible, this is imperative for the successful completion of the next phases.