Unattended upgrades
From Freephile Wiki
'unattended upgrades' is the name of the package on Ubuntu that will give you automatic security updates
Configuration is in /etc/apt/apt.conf.d/50unattended-upgrades
Enable unattended upgrades in /etc/apt/apt.conf.d/10periodic
The Server Guide suggests installing apticron to get notification emails
If you're running at least 16.04, you can also sign up for the LivePatch service (free for 3 machines) which can patch the kernel without reboots. Similar services from RedHat etc. cost ~2K per year.