It depends heavily on what you class as "adequate". Since we know the seed can be extracted from Trezor wallets if an attacker has physical access to it, 37 random characters was recommended by the Ledger Donjon Team because that is what is require to have at least as much entropy as the 24 word seed itself would have. So for the passphrase on its own to be as secure as the seed on its own, then 37 random characters are needed. However, that does not mean that anything less than 37 random characters is automatically inadequate. It depends heavily on your risk model, and how long it would take you to firstly realize that your hardware wallet has been stolen, and secondly to access your back ups and send all the coins to a new wallet.

If, for example, a hardware wallet could be missing for several weeks before you noticed (for example, if it was stored in a safe deposit box), or it would take you several weeks to be able to access your back ups and move your coins (because they are stored in a different city or country to you), then you would certainly want a very long and random passphrase to make brute forcing it unfeasible. If, however, you would know at most within a couple of hours if your hardware wallets were stolen, and could access your back ups in a further hour or two, then a much shorter passphrase would be "adequate". If an attacker only has 12 hours between stealing your wallet and you moving all the coins, then even checking 1 billion passphrases per second would only give them time to check 4.32*10¹³ possibilities. Even if your passphrase was only 10 random characters, then they would only have time to check 0.00007% of potential passphrases before you secured your coins.

I would always advocate for everyone to use a long and random passphrase with their hardware wallets, but I wouldn't call anything less than 37 characters necessarily "inadequate".