It may or may not be a concern to you, but if you are hosting it from your home then people will be able to determine your IP and rough physical location.

If you’re on American cable internet and expecting a lot of traffic, your upload speed may become a problem.

A large percentage of those hosts with SSH enabled are cloud machines because it’s standard for cloud machines to be only accessible by SSH by default. I’ve never seen a serious security guide that says to set up a VPN and move SSH behind the VPN, although some cloud instances are inherently like this because they’re on a virtual private network managed by the hosting provider for other reasons.

SSH is much simpler and more universal than a VPN. You can often use SSH port forwarding to access services without configuring a VPN. Recommending everyone to set up a VPN for everything makes networking and remote access much more complicated for new users.

Shodan reports that 35,780,216 hosts have SSH exposed to the internet.

Moving SSH to ports other than 22 is not security. The bots trying port 22 on random addresses with random passwords don’t have a chance of getting in unless you’re using password authentication with weak passwords or your SSH is very old.

SSH security updates are very infrequent and it takes practically no effort to keep SSH up to date. If you’re using a stable distribution, just enable automatic security updates.

Having SSH open to the internet is normal. Don’t use password authentication with weak passwords.