I usually recommend users regularly keep their system up to date.
The kernel is actually low on the list of priorities, in my opinion.
Security updates on LTS kernels get backported, even after EoL.
Security updates in kernels are also not common. Most security updates are in system and package updates.
I often do recommend locking in a working kernel, to avoid regressions and bugs - the 6.17 kernel being a big shining example of the fallacy of "latest and greatest."
The Linux kernel is primarily motherboard and hardware - so if everything is working, even on an "early" kernel, it means you have all that you need.
In some cases, Wi-Fi being a common one, a kernel upgrade may bring better support or functionality. But this also is less common - so the user should follow release or patch reports to know.
And in that case, the user would know that they have an incomplete module...