Responsible Note: As always please don’t take my response as anything more than thoughts based on the information provided. Do Your Own Research Beyond This Question!
Core auto-updates:
If I was running a “small hosting company with a few hundred sites hosted on cPanel” I would turn auto update WP core on, make it very clear to the users and offer an opt-out option. I’d let them know I was doing that prior to signup and, for existing customers, I’d make a point of getting consent from them prior to enabling it. I’d enable Core auto-updates because they are less likely to break client sites (that’s a kind of feature of WordPress) as they should only be security updates. See the Docs.
Plugin auto-updates:
For plugins, I would probably offer that as an opt-in option. From my experience, people often don’t understand the implications of plugins and install them with very little forethought. I would make it clear to customers that it’s an option and I’d recommend they opt-in but provide “loud” warnings of the implications. Blindly updating third party code can be more likely to break a site (in my experience.)
As for this bit:
Doing so would greatly improve the security of the entire hosting.
I generally agree BUT I think you should strongly reconsider your setup if you want to do this to improve security of neighbor customers. Sandboxing is very important on a shared host, especially when customers can upload and execute arbitrary code. This part of the answer is out of scope for a forum like this however try security.stackexchange.com for more detailed Q&A.
And again, these are only thoughts based on info provided. DO YOUR OWN/MORE RESEARCH.