These days, many people need computer systems in order to do work. We rely on the computer systems to be consistent and do what we expect them to do.
When an intruder breaks into a computer system and modifies it, the system's integrity has been compromised. There is no way to distinguish which parts of the computer system are doing what we want and expect.
For example, after a break in, how do you know that the /bin/ls command you used to make sure everything looks OK has not been replaced with a different file, one that does something you don't expect, like failing to show the attackers files?
The answer is that you don't know unless you can verify the integrity of /bin/ls. To do that you need two things: a snapshot of the state of /bin/ls the last time you were sure it was OK; and a snapshot of the state of /bin/ls now.