You cannot change facts (i.e. the industry your business is in, the regulations it’s up against, the type of sensitive information you’re responsible for managing, etc.) but you can change problems (i.e. user behavior, wayward goals, management not on board with security, etc. ).
As the philosopher James Burnham once said:
In the case of information security, there are tons of alternatives to the issues we face. It’s up to us to focus on what counts so we can eventually make a difference.