Cisco have been good - they say it is a "known issue", however they are unable to reproduce it in the lab, so are simply going to refund me the purchase price. No prob there.
The question is: for a private network, am i really exposing myself to any risk by running without SPI? Or am I worrying about nothing? I understand the basics of what SPI does, just a little unclear on the real-world benefits/risks.