I don't know the statistics but a non-empty address hardly contains more than 5% of total wallet funds on average IMO.
But now you are assuming additional knowledge, such as that an attacker knows which addresses are derived from the same seed phrase, that there is no passphrase in use, and what the derivation path being used is. Don't forget as well that
as I said above, turning a valid seed phrase in to an address to check for funds is computationally expensive, and so brute forcing x number of seed phrases takes significantly more computing power and time than brute forcing the same number of individual private keys, even more so if for each seed phrase you want to start checking additional derivation paths.
I understand it will cost more ressources and time to attack a seed with the same entropy as a private key, than to attack an address but by doing that the attacker will only get less than 5% of the wallet funds on average at the end. So as long it costs less than 20x times the cost of an attack on an address, it might be worth it even if the "investment" is higher.