Looking at the still-supported LTR kernels, even the oldest one isn't all that old.
For network-connected embedded systems (routers, network-connected printers, IoT, etc.), I would want a kernel that had security-bug-patch maintenance for at least the useful life of the hardware itself - 5-10 years in most cases, longer in some cases like cars, refrigerators, etc.
If you are designing a device like this and care about maintaining for security, then you need to have a continual, preferably over-the-air, upgrade system in place.
Given that you would be looking at several libc updates over that period, upgrading a kernel major version should be expected and not a significant problem. You would be much better off investing more in the update and recovery system than backporting kernel security fixes for ten years.