Hey Jeroen
A single IP will only hit you a few times... typically below the threshold of standard fail2ban or other alarm bells. The distributed scanner will keep on trying by using another IP from their vast botnet...
Well, from experience I cannot confirm that at all. Apparently, there are still a lot of script kiddies out there or less sophisticated attacks going on. Fail2Ban sure helps with those.
If you want to use it in a more aggressive way you can also combine port knocking with fail2ban and ban source IPs the first time they "misbehave".
The big question: Why is that SSH port open to the world? :)
Depends on the use case. I second your opinion when it comes to best practices, but I am also running a couple of servers with SSH open to the world because I don't have, need or want an extra jump host at that location to access a single system, for example. So there are reasons.
Cheers, Manuel
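
Added example, not part of the original message: a Python sketch that runs both views discussed in this thread over the same constructed sshd log, a per-source threshold in the style of fail2ban's `maxretry`/`findtime` and an aggregate count of distinct sources per targeted user. The log format, addresses, thresholds and function names are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the sshd failure message; the ISO timestamp prefix is an assumption
# about the syslog format in use.
FAILED = re.compile(r"^(\S+) \S+ sshd\[\d+\]: Failed password for "
                    r"(?:invalid user )?(\S+) from (\S+) port \d+")

def build_sample_log():
    """Constructed data: 30 sources x 2 failures on 'admin', 1 source x 6 on 'root'."""
    t0 = datetime(2024, 1, 10, 3, 0, 0)
    fmt = "{} host sshd[1000]: Failed password for {} from {} port 40000 ssh2"
    lines = [fmt.format((t0 + timedelta(seconds=20 * i + 5 * j)).isoformat(),
                        "invalid user admin", f"198.51.100.{i + 1}")
             for i in range(30) for j in range(2)]
    lines += [fmt.format((t0 + timedelta(seconds=3 * j)).isoformat(),
                         "root", "203.0.113.7") for j in range(6)]
    return lines

def parse_failures(lines):
    """Return time-sorted (timestamp, user, ip) tuples for failed logins."""
    hits = (FAILED.match(line) for line in lines)
    return sorted((datetime.fromisoformat(m[1]), m[2], m[3]) for m in hits if m)

def per_ip_offenders(events, maxretry=5, findtime=timedelta(minutes=10)):
    """Per-source view: IPs with maxretry failures inside one findtime window."""
    stamps = defaultdict(list)
    for ts, _user, ip in events:
        stamps[ip].append(ts)
    return {ip for ip, s in stamps.items()
            if any(s[k + maxretry - 1] - s[k] <= findtime
                   for k in range(len(s) - maxretry + 1))}

def distributed_targets(events, banned, min_sources=10, findtime=timedelta(minutes=10)):
    """Aggregate view: users hit by min_sources distinct unbanned IPs in one window."""
    by_user = defaultdict(list)
    for ts, user, ip in events:
        if ip not in banned:
            by_user[user].append((ts, ip))
    result = {}
    for user, seq in by_user.items():
        peak = max(len({ip for t, ip in seq if start <= t <= start + findtime})
                   for start, _ in seq)
        if peak >= min_sources:
            result[user] = peak
    return result
```

On this sample the per-source check flags only the noisy address, while the aggregate check reports the `admin` account being tried from 30 sources that each stay under the threshold.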